sudoers nopasswd screwiness
Craig White
craigwhite at azapple.com
Fri Dec 9 03:15:59 UTC 2011
On Wed, 2011-12-07 at 09:28 -0700, compdoc wrote:
> > Don't have the actual contents of the file (I am at home and this concerns
> work) but it's /etc/sudoers.d/user
>
> I add my username to the /etc/sudoers file and it works, although some stuff
> like the Update Manager still asks for a password. But, I think all commands
> in the term window work without asking.
>
> username ALL=(ALL:ALL) NOPASSWD:ALL
>
> I've never changed /etc/sudoers.d/user - maybe that's a requirement of
> puppet.
>
> With rsync, I want the command to run with the user's permissions and not
> with elevated permissions. In any case, rsync should run for anyone without
> sudo...
----
sorry - no - but thanks for answering but it seems clear that your
understanding of sudoers/sudoers.d is far short of mine.
of course rsync runs without sudo but can't touch files that are
root:root 0640 and since I am trying to back up configuration files with
this script, this is frequent. I don't really want to run this script as
root for many reasons but this is the same script I use on many other
servers without issue.
It's just 2 particular Ubuntu 10.04 that exhibit this problem though I
am running many others (Ubuntu 10.04) whose LDAP/NSS/PAM are all
completely identical which is assured by puppet. Since /etc/sudoers
and /etc/sudoers.d are also propagated by puppet, I know that they're
identical (not that I didn't check by copying them to a working server
and running diff on them as well as the entire /etc/pam.d directory).
I'm gathering that there's not many sysadmins using LDAP
and /etc/sudoers.d monitoring the list
Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the ubuntu-users
mailing list