[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sudoers



Antispammbox-debian<antispammbox-debian@yahoo.it>  wrote:
I use some utility like TrueCrypt and gmountiso that using sudo.

I've added myself to the group sudo:
sudo adduser myself


This does not achieve what you want:

usermod -a -G sudo $user
newgrp sudo $user

change "$user" for your user name.



That creates a new user called "myself". It does not add anyone to the
"sudo" group.


and modified with nano visudo, the sudoers file.
username ALL=(ALL)  NOPASSWD:    ALL
I wouldn't recommend this, you are allowing "username" to execute any command from any location with sudo and without password. This is a security breach ! 

If you want members of the group "sudo" to be able to use sudo add:

sudo   ALL=(ALL:ALL) ALL
Then if you want to grant execution of a SPECIFIC command with sudo without a password then add it to the sudoers file: 

$user ALL = NOPASSWD: /usr/bin/somecommand --someoption,
Better you can create "Comnd_Alias" with a list of commands. Maybe look into the "exempt_group" option, by creating a special group for the users you want to be able to run sudo without password.
But IMHO, tinkering with sudo without reading "man sudoers" to grant all privileges to some random app seems like a very bad idea to start with...
Reply to: