Re: somewhat OT: sudo question





On 09/09/2010 05:32 PM, Ranjan Maitra wrote:
On Thu, 9 Sep 2010 14:18:43 -0500 kalinix
<calin.kalinix.cosma@xxxxxxxxx> wrote:

On Thu, 2010-09-09 at 14:12 -0500, Ranjan Maitra wrote:


On Thu, 9 Sep 2010 13:59:18 -0500 JD<jd1008@xxxxxxxxx<mailto:jd1008@xxxxxxxxx>> wrote:


On 09/09/2010 11:41 AM, Ranjan Maitra wrote:
Hi,

I would like to set up sudo permissions for myself (let us say) such
that I do not need password for /usr/sbin/pm-hibernate
or /usr/sbin/pm-suspend but need it for everything else. Anyone know
off-hand how this can be done by adding lines in the /etc/sudoers file?

Many thanks and best wishes,
Ranjan
Append a line like the following to /etc/sudoers

ranjan ALL=(ALL) NOPASSWD: ALL
Sorry, maybe I was not clear. I wanted to have the ability to use sudo
without password for the above two commands, but use sudo with password
(required) for everything else.

Will it be enough to type the two commands with a comma separator after
the NOPASSWD: (and instead of the ALL)? I guess I could try this, but
wanted to be sure.

Ranjan


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx<mailto:users@xxxxxxxxxxxxxxxxxxxxxxx>
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines



In aliases section:


Cmnd_Alias HIBERNATE = /usr/sbin/pm-hibernate, /usr/sbin/pm-suspend


in the main part:

rajan ALL=(ALL) NOPASSWD: HIBERNATE


This should do the trick in the way that you will be able to run any command (ALL) and you will be asked for the password, except for commands that are defined under the HIBERNATE alias.
Hi, I have been unable to get this to work. If I do exactly as above,
or even forgo the alias and specifically write

maitra ALL=(ALL) NOPASSWD:/usr/sbin/pm-hibernate,/usr/sbin/pm-suspend

in the main part, nothing works under sudo. Specifically, even a simple
command as sudo yum update yields:

Sorry, user maitra is not allowed to execute '/usr/bin/yum update' as root on (name of machine).

What is wrong here?

Of course,
maitra ALL=(ALL) ALL

works just fine, but of course, asks me for my password for every sudo command.


Fact is that once you entered the password in sudo, it will be remembered for the rest of the session.
Really, in my case, there seems to be a time window of around 5 minutes
or so before it again asks for a password. I like this feature (which I
thought was default everywhere, but I guess not).

Thanks!
Ranjan

You have a typo.
The entry in sudoers should be:
maitra ALL=(ALL) NOPASSWD:
/usr/sbin/pm-hibernate,/usr/sbin/pm-suspend

Notice the space after the colon :


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines