Fedora Security :: Limiting Sudo - Giving Full Privileges To The Wheel Group In The Sudoers File
Feb 15, 2011
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system - probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run "yum update" and nothing else? (for example if they ran "yum install" it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
May 19, 2010
I have a number of users, categorised into various groups. I would like one of those groups ("developers") to be in the wheel group as well. I don't want to just copy the people from the developers group into wheel, because then when that group changes I'll have to change it in two places. Is there a way to specify that anyone in developers is in wheel, and have that be dynamic?
Jul 9, 2010
I have a problem with access privileges on several folders like this one
Code:
It clearly says that I have owner and group read write and search (it's a directory) privileges.
I login as user master part of group events
Code:
But I can't access the folder (Permission denied).
Apr 12, 2011
This may be a stupid (?) question, but does anyone know of a patch for sudo that allows the sudoers information to be pulled from MySQL?
I run multiple servers with multiple people working on them and would like a one-stop update of permissions.
Yes, I could use rsync or the like, but I'm just wondering if this has been done, or could be done.
(Sorry if this is the wrong forum, I'm kinda new around here, posting wise and this seemed to fit. Feel free to move it if it's not)
Jul 19, 2011
So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?
Mar 25, 2010
I get this message if I try to use sudo/gksudo. What causes this, how can I solve it? It has been working for years. If I remember correctly there was a sudo update a few days ago, maybe it doesn't work since then, I haven't used it in the last few days.
Dec 24, 2010
Whenever I try to run something as root using the sudo command I get: Code: ramy is not in the sudoers file. This incident will be reported.
Feb 21, 2011
I am relatively new to Ubuntu. Just recently I have not been able to access certain files (for example the history and bookmarks in the Firefox folder), download files individually from the internet (music, fonts, etc.), receiving an error message
Quote: Originally Posted by firefox error console
Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...
I have sudo privileges and can install via update manager. I read somewhere that compizfusion might affect access permissions and I do use compiz and emerald at the same time.
Jul 19, 2011
How can I create a user group that restricts Internet privileges to only members in the group, then I will assign certain applications to join the group for access to the Internet.
For example, I want only group net to have access to the Internet. Group net is then connected to:
Code:
So far, I am using the gnome group policy manager that is standard with Ubuntu but it's not working. It is possible that I'm misdirected and that I should use a firewall instead?
Aug 16, 2010
Since a recent upgrade to Mandriva 2010.1 I am not able to 'sudo' as administrator or when I use the 'root' password. I am the only user on this machine (Dell Inspiron 530S multi-booted with Windows Vista Home Premium, Ubuntu 10.4, and Mandriva 2010.1). I can get into the 'Manage Users' section of the control center by authenticating as 'root' but I can't access 'sudoers file' from command line.
Jul 3, 2010
How do I add the default normal user to the sudoers group? Is it normal for the main user to be kept out of the sudoers group or did I do something wrong during install?
Jul 4, 2010
The normal user is now in the sudoers group. How can I allow it to install programs using its own password rather than having to know the super-secret Root-Users password?
Mar 15, 2011
Suddenly I am not in the sudoers file. I am not sure how to recover from this. I have no grub screen at bootup, so I can't boot into single user. I think I am going to have to boot a live version of ubuntu to start with. Is that right? What's next after that? Also, how could this happen, I haven't touched the sudoers file or added users or anything like that (well not that I am aware of) I am a little concerned that this may be the result of someone breaking in? Would this be a likely symptom?
Mar 29, 2010
I'm trying to make Firestarter launch as a startup application but it tells me that I need root privileges when logging in with my one and only account!
Can this be achieved without giving this account too many privileges?
Jan 2, 2011
I have a problem when I want to use su I get this error:
Code:
su: pam_start: error 26
I have googled it so I found this topic (http://www.linuxquestions.org/questi...r-26-a-615024/) but it didn't really help me. There was a reply on that topic and his question was what the output of this was:
Code:
ldd /usr/bin/passwd
and
[code]....
Sep 16, 2010
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:
Code:
Can't open /var/db/sudo/me/1: Permission denied
I didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
Jan 7, 2011
i just want to prevent from now on from all users maybe even root from adding other users to groups like wheel for example. I also want to know how can I prevent from all users to create new groups or add users to new one.real
Nov 21, 2010
I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
> ls -lZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
> matchpathcon /etc/sudoers
[code]....
Jan 4, 2010
What commands would someone use if they wanted to see their group privileges, like if they were in a super user group or various groups.
Jan 4, 2010
I have a problem, I changed the owner of all the etc folder, it was a mistake, but I can't change it again, now, I can't use "sudo" because root is not the owner. When I try to use "sudo" this is the error: sudo: /etc/sudoers is owned by uid 1000, should be 0. So, the owner is my user instead of the root. How can I change it again?
Jun 10, 2011
After installing TexLive, sudo stopped working. If I run sudo:
Quote:
sudo: can't open /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
Edit: Hal and dbus are not working either, if I startx I don't have network manager or automatic mount of pen and disks.
Nov 6, 2010
Is there any way a user can increase or lower his privileges? I tried by "semanage login" but it works only for admin I think. I would like for example to change range from s0:c0 to s0:c0.c10 and vice versa.
Feb 1, 2011
Now I have set up a terminal server at work, with Ubuntu 10.04LTS and Free NX terminal server. All works great, over all expectations. But I have some file permission problems. In the home folder I have made a folder where files that all users should have full access to are put. The problem is that when a user puts a file there, only that user has full access to that file, other users only have read rights. How can I make it so that all files put in this folder have full rights for members in the group "staff"?
Mar 11, 2011
I am having problems on a server installation (9.10) with a kind of unstable sudoers file. Logging in as a user of group admin allows only sometimes to issue sudo commands. Most of the time I am getting a "not in sudoers file" error.
Code:
$ sudo COMMAND
[sudo] password for USER:
[code]....
May 31, 2011
When I try to use sudo, I get this error message.
Code:
sudo: /etc/sudoers is owned by uid 1000, should be 0
sudo: no valid sudoers sources found, quitting
Jan 11, 2016
Receive bash notice: "jim is not in the sudoers file." Just finished my first Debian install several hours ago, my first go around w/Debian. Installed 8.2 DVD ISO on USB. Had this issue from my first use in BASH, not a forgotten password problem. So 2 questions:
1) I'll be installing Debian again, and want to avoid this in future. There were 2 inputs on setup for name (my full name) and user (installer offered my first name which I accepted). 2 inputs for Password as well: I used the same password both times (have done this w/Mint & Ubuntu w/out issue).
2) How to fix this? Tried this: URL...however, neither keystroke got me to "rescue" prompt as article suggests. Several other articles presume an admin with privileges has sudo access to modify sudoers file.
I have multi-boot setup in BING environment (MBR, not EFI). I am booting from a GRUB2 ISO using grub commands as I still need GRUB installed in my boot partition until I can get cmd line access. I'm able to get a session on boot with the same password I used in setup.
Apr 15, 2010
I was adding me and my bud to a new group I created, but I used -G instead of -g as the tutorial suggested, I think this removed me from all other groups and put me in the new one. The same with my bud. Now I don't have sudo privileges, nor does my bud, and we have not set a password for the root account.
Code:
sudo ls -l
USER@SERVER:/var$ sudo password for USER:
USER is not in the sudoers file. this incident will be reported.
USER@SERVER:/var$
May 1, 2010
After freshly installing Lucid Lynx and tinkering for some time to get everything just how I like it, I managed to somehow remove myself and all other users from all groups. Now, obviously, I've restarted and I don't have root privileges as I am no longer a member of admin group. So I am somewhat stuck. I've looked at this page: [URL]. But annoyingly, there is no grub menu appearing on boot up (unlike previous Ubuntu versions). So I'm appealing for your help to either:
a) Show me how I can bring up the grub menu so I can access ubuntu in safe mode
b) Show me another way of accessing the system with root privileges. (Would using chroot from the Live CD work? I just thought of that now so I'll try it).
Oct 18, 2010
After upgrading GNOME to 2.32 in my openSUSE 11.3 x86_64 running graphic applications with sudo is impossible. (that means it worked before upgrading GNOME)
Code:
etam@etam-laptop:~> sudo xeyes
root's password:
No protocol specified
Error: Can't open display: :0.0
From /etc/sudoers:
Code:
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER DISPLAY"
Some interesting facts:
[code]....
Apr 18, 2011
How do I add myself to the Sudoers File? When I go to use the "Sudo" command, it tells me I am not in the Sudoers File, so I have to do "su -" to bypass it for the time being. How do I add myself?