Re: sudo is acting up

To: debian-user@lists.debian.org
Subject: Re: sudo is acting up
From: Vineet Kumar <debian-user@virtual.doorstop.net>
Date: Mon, 19 May 2003 10:27:45 -0700
Message-id: <[🔎] 20030519172745.GA6142@doorstop.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20030518181434.93655.qmail@web41807.mail.yahoo.com>
References: <[🔎] 20030518015153.12c1429d.ronin2@bellatlantic.net> <[🔎] 20030518181434.93655.qmail@web41807.mail.yahoo.com>

* Roberto Sanchez (rcsanchez97@yahoo.es) [030518 11:34]:
> Anyhow, how do I change the option for the password prompt?  I ask because
> my two computers behave differently.  My Woody box never asks for a password
> but my Sid box does (and has about a 10 min window before I have to enter it
> again).  I would like my unstable box to also ask for the password, but after
> reading the man pages I still can't figure it out.  The sudoers man page
> states that I can change the default for 'authenticate' to PASSWD, but I
> can't get the syntax right and there is not a similar line in the example
> sudoers file in the documentation.

I thought you said your sid box does ask for a password?  Then you said
"I would like my unstable box to also ask for a password...".

Anyway, assuming you mean you DO want the machine to ask for a password,
no extra setup is necessary.  The defaults are to ask for a password if
the user hasn't authenticated within the last 15 minutes (IIRC).

This behavior can be overriden with the NOPASSWD option, like this:

vineet  ALL = NOPASSWD: /sbin/ifup eth0

If you're never getting any password prompts at all, and your sudoers
file is pretty empty (no other options that are changing sudo's default
behavior), you should also check /etc/pam.d/sudo.

Also, as the topic of this thread has involved which password sudo asks
for, I thought I'd throw in my 2 cents as well.  Some of the statements
about which password sudo cares about have been too strong, IMO.
here's an excerpt from the manpage (sudoers(5)) that demonstrates why I
say so:

       rootpw      If set, sudo will prompt for the root password instead of
                   the password of the invoking user.  This flag is off by
                   default.

       runaspw     If set, sudo will prompt for the password of the user
                   defined by the runas_default option (defaults to root)
                   instead of the password of the invoking user.  This flag is
                   off by default.

       targetpw    If set, sudo will prompt for the password of the user spec‐
                   ified by the -u flag (defaults to root) instead of the
                   password of the invoking user.  This flag is off by
                   default.

So sudo _can_ be configured to ask for the root password, or the
password of the target user, or even another password entirely (e.g. one
for sudo use only).

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Computer Science is no more about computers
than astronomy is about telescopes."  -- E.W. Dijkstra

Attachment: pgpGfEhYdqs5Q.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: sudo is acting up
  - From: Roberto Sanchez <rcsanchez97@yahoo.es>

References:
- Re: sudo is acting up
  - From: Kevin McKinley <ronin2@bellatlantic.net>
- Re: sudo is acting up
  - From: Roberto Sanchez <rcsanchez97@yahoo.es>

Prev by Date: Listing locales
Next by Date: Apache-Perl cant create directories...sort of
Previous by thread: Re: sudo is acting up
Next by thread: Re: sudo is acting up
Index(es):
- Date
- Thread