
Re: Don't try this at home kids



Hi,

On Mon, Nov 29, 2021 at 4:50 PM Pierre-Elliott Bécue <peb@debian.org> wrote:
>
>
> Hello,
>
> Bob Bernstein <poobah@ruptured-duck.com> wrote on 29/11/2021 at 23:25:52+0100:
>
> > How do I tell sudo not to ask me for my password?
> >
> > It's me. I'm on my computer. I already logged in with my password. No
> > one else is logged on.
> >
> > I know all you purists out there are rending your garments if not your
> > flesh, but c'mon sudo! Can't a brother catch a break around here?
> >
> > Thank you.
>
> While I would still recommend you not to do that, here is how you can do
> it.
>
> man 5 sudoers reads:
>
> >     PASSWD and NOPASSWD
> >
> >       By default, sudo requires that a user authenticate him or herself
> >       before running a command.  This behavior can be modified via the
> >       NOPASSWD tag.  Like a Runas_Spec, the NOPASSWD tag sets a default
> >       for the commands that follow it in the Cmnd_Spec_List.
> >       Conversely, the PASSWD tag can be used to reverse things.  For
> >       example:
> >
> >       ray     rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
> >
> >       would allow the user ray to run /bin/kill, /bin/ls, and
> >       /usr/bin/lprm as root on the machine rushmore without
> >       authenticating himself.  If we only want ray to be able to run
> >       /bin/kill without a password the entry would be:
> >
> >       ray     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
> >
> >       Note, however, that the PASSWD tag has no effect on users who are
> >       in the group specified by the exempt_group setting.
> >
> >       By default, if the NOPASSWD tag is applied to any of a user's
> >       entries for the current host, the user will be able to run “sudo
> >       -l” without a password.  Additionally, a user may only run “sudo
> >       -v” without a password if all of the user's entries for the
> >       current host have the NOPASSWD tag.  This behavior may be
> >       overridden via the verifypw and listpw options.
>
> Have a read at visudo's manpage, too. I won't give you the exact line to
> type, as it's a nice way to make sure you understand what you are doing.
>
> But still, you should consider not doing so, as it can bite back
> strongly should your computer be accessed by someone else while you're
> not at your desk and still logged in.

Especially if you have any kind of children... ;-)

Thank you.

>
> Anyway, meh.
>
> --
> PEB
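
The tag inheritance described in the sudoers(5) excerpt quoted above, as an added audit sketch that is not part of the original messages: it reports which commands each entry allows without a password and flags a blanket `ALL`. The function names and the `alice` line are assumptions made for illustration, and the parser is simplified (single-line entries only; no alias expansion, line continuations or escaped commas).

```python
import re

RUNAS_RE = re.compile(r'\([^)]*\)')      # Runas_Spec such as (ALL:ALL)
TAG_RE = re.compile(r'([A-Z_]+):\s*')    # tag prefix such as NOPASSWD:
SKIP = ('Defaults', 'User_Alias', 'Host_Alias', 'Cmnd_Alias', 'Runas_Alias')

def passwordless_commands(line):
    """Return (user, commands runnable without a password) for one
    single-line user specification, or None for any other line."""
    line = line.split('#', 1)[0].strip()
    if not line or line.startswith(SKIP) or '=' not in line:
        return None
    lhs, rhs = line.split('=', 1)
    who = lhs.split()
    if len(who) < 2:                     # need "user host" before '='
        return None
    nopasswd = False                     # sudo authenticates by default
    allowed = []
    # Simplification: drop Runas_Specs, split on every comma.
    for item in RUNAS_RE.sub('', rhs).split(','):
        item = item.strip()
        m = TAG_RE.match(item)
        while m:                         # several tags may be stacked
            if m.group(1) == 'NOPASSWD':
                nopasswd = True
            elif m.group(1) == 'PASSWD':
                nopasswd = False
            item = item[m.end():]
            m = TAG_RE.match(item)
        if nopasswd and item:            # tag state carries to later commands
            allowed.append(item)
    return who[0], allowed

def audit(text):
    """Return (line number, user, commands, blanket) per NOPASSWD finding."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = passwordless_commands(line)
        if parsed and parsed[1]:
            findings.append((n, parsed[0], parsed[1], 'ALL' in parsed[1]))
    return findings

# Constructed sample; the two "ray" lines are the sudoers(5) examples quoted above.
SAMPLE = """\
# constructed sample sudoers fragment
%sudo   ALL=(ALL:ALL) ALL
ray     rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
ray     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm
alice   ALL=(ALL) NOPASSWD: ALL
"""

if __name__ == '__main__':
    for finding in audit(SAMPLE):
        print(finding)
```

This only reads text; `visudo -c` remains the way to check a real sudoers file for syntax errors, and `sudo -l` shows what sudo itself resolves for a user.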

