Re: ssh and debian
On Tue, Oct 02, 2001 at 01:21:19PM -0400, Brian Schramm wrote:
| Sorry for teh confusion. I use ssh to log in and sudo to change to the
| superuser account. I ment sudo and debian in my letter. Now here is my
Ah, ok.
| problem. I log into my remote machine by ssh and then change to the sudo
| system from there. No matter what I have tried it never askes me for a
| password. I have had this happen ever since I have used debian and I have
| never had it do that for me on any other system. It does not matter if I
| am loged into the local console or a remote console. Here is my sudoers
| file:
|
| # sudoers file.
| #
| # This file MUST be edited with the 'visudo' command as root.
| #
| # See the man page for details on how to write a sudoers file.
| #
|
| # Host alias specification
|
| # User alias specification
|
| # Cmnd alias specification
|
| # User privilege specification
| root ALL=(ALL) ALL
| bschramm ALL=(ALL) ALL
|
| This file works in other systems so I am not quite sure why it does not
| work as expected here.
It looks to me like that would require your password ... however a
quick test on my debian box shows that it doesn't.
Some snippets from 'man sudoers' that seem relevant :
The reserved word ALL is a built in alias that always
causes a match to succeed. It can be used wherever one
might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias,
or Host_Alias. You should not try to define your own
alias called ALL as the built in alias will be used in
preference to your own. Please note that using ALL can be
dangerous since in a command context, it allows the user
to run any command on the system.
-----
The User specification is the part that actually
determines who may run what.
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
We let root and any user in group wheel run any command on
any host as any user.
FULLTIMERS ALL = NOPASSWD: ALL
Full time sysadmins (millert, mikef, and dowdy) may run
any command on any host without authenticating themselves.
PARTTIMERS ALL = ALL
Part time sysadmins (bostley, jwfox, and crawl) may run
any command on any host but they must authenticate
themselves first (since the entry lacks the NOPASSWD tag).
--------
Hmm, even using the PASSWD: option I still don't have to enter my
password. I don't know why.
-D
Reply to: