[SOLVED] help with sudoers file

This forum is for general chat between members about Mageia.

Technical questions are supposed to be posted in support forums. Not here !

[SOLVED] help with sudoers file

Postby tarazed » Jun 10th, '12, 11:30

Trying to find a way to unmount removable media such as USB drives, as a user, I edited /etc/sudoers hoping to run sudo umount without a password.
This fails completely.

Information about the user:
Code: Select all
[lcl@belexeuli ~]$ id lcl
uid=500(lcl) gid=500(live) groups=500(live),100(users)


Entry in /etc/sudoers with template command used as model:
Code: Select all
## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now
%users localhost=/bin/umount NOPASSWD


Trial:
Code: Select all
[lcl@belexeuli ~]$ sudo umount /run/media/lcl/Sirius
[sudo] password for lcl:
lcl is not in the sudoers file.  This incident will be reported.


I am stumped. ??
Last edited by tarazed on Jun 10th, '12, 17:11, edited 1 time in total.
tarazed
 
Posts: 273
Joined: Sep 18th, '11, 01:49

Re: help with sudoers file

Postby maat » Jun 10th, '12, 11:52

Code: Select all
%users  ALL=    NOPASSWD: /bin/umount


Take care of having a [TAB] afer %users and an other before the NOPASSWD

Please also note that sudo controls the options you give to commands so you could be able to run /bin/umount but not /bin/umount /mnt/cdrom (I did not check)
maat
 
Posts: 307
Joined: Feb 13th, '11, 00:23

Re: help with sudoers file

Postby tarazed » Jun 10th, '12, 12:17

Thanks maat. I used that command but came up with the same request for lcl's password and the same error message.
Meanwhile I had created the group lcl and tried to make it the primary group, first in mcc manage users -> failed to change it from live, then using
Code: Select all
 usermod -g lcl -G lcl,live,users lcl


That failed too. So how do I get sudoers to recognize lcl as a user? Does ALL have to be configured?
tarazed
 
Posts: 273
Joined: Sep 18th, '11, 01:49

Re: help with sudoers file

Postby maat » Jun 10th, '12, 12:26

done :
1/ create a group
Code: Select all
# groupadd mygroup


2/ defined my user as in the group
Code: Select all
# vi /etc/group


And added my user "maat" to "mygroup":
Code: Select all
mygroup:x:503:maat


3/ Then changed my sudoers file:
Code: Select all
# visudo


Modified the file (and saved with :wq):
Code: Select all
%mygroup  ALL=    NOPASSWD: /bin/umount


4/ Switched to my user maat and tested umount :
Code: Select all
# su - maat
$ sudo umount
Utilisation : umount -h | -V
       umount -a [-d] [-f] [-r] [-n] [-v] [-t typevfs] [-O opts]
       umount [-d] [-f] [-r] [-n] [-v] spécial | nœud...


worked perfectly :)
maat
 
Posts: 307
Joined: Feb 13th, '11, 00:23

Re: help with sudoers file

Postby tarazed » Jun 10th, '12, 12:49

I had effectively done all that. I am wondering if I need to logout and back in again for these changes to be properly registered.
I'll be back...
tarazed
 
Posts: 273
Joined: Sep 18th, '11, 01:49

Re: help with sudoers file

Postby tarazed » Jun 10th, '12, 12:59

No, that had no effect.
Directory listings still show live as the primary group.
I have these three entries in /etc/group:
users:x:100:lcl
live:x:500:lcl
lcl:x:500:lcl

A clash?
tarazed
 
Posts: 273
Joined: Sep 18th, '11, 01:49

Re: help with sudoers file

Postby maat » Jun 10th, '12, 13:10

mygroup was not primary in my test

the primary group is defined in /etc/passwd

So your problem does not come from wether users is primary or not
maat
 
Posts: 307
Joined: Feb 13th, '11, 00:23

Re: help with sudoers file

Postby maat » Jun 10th, '12, 13:23

i re-tested with %users (gid 100) and the problem triggers

so the problem is linked to %users (group id = 100 too low ?)

Please test with a new group %localusers ;)
maat
 
Posts: 307
Joined: Feb 13th, '11, 00:23

Re: help with sudoers file

Postby maat » Jun 10th, '12, 13:36

Deeper answer : users is disabled as a group by default.

If you REALLY want to use it for sudo you have to edit /etc/gshadow and put a ! like this :
Code: Select all
users:!::


My advice is : DO NOT PLAY WITH THAT (unless you really really know what you do)

=> Create another group will be safer and cleaner :)
maat
 
Posts: 307
Joined: Feb 13th, '11, 00:23

Re: help with sudoers file

Postby tarazed » Jun 10th, '12, 16:40

All new information. Thanks.

Set up localusers as GID=501 and added lcl to that group,
changed live to GID=502,
removed lcl from the users group.

Replaced %users by %localusers in sudoers and bingo, it worked, and ownership of my files comes out as lcl:lcl.

Len
tarazed
 
Posts: 273
Joined: Sep 18th, '11, 01:49

Re: help with sudoers file

Postby maat » Jun 10th, '12, 16:53

you're welcome :)

=> Now please edit your first post and add [SOLVED] at the beginning of the title... that will help other members to know this is solved (helpful for those in search of a solution and helpful for helpers team to concentrate on unsolved problems)

Thank you :)
maat
 
Posts: 307
Joined: Feb 13th, '11, 00:23

Re: [SOLVED]help with sudoers file

Postby doktor5000 » Jun 11th, '12, 00:22

FWIW, actually unmounting of removable drives should work, as you seem to have it mounted via your desktop environment. If it doesn't work, please give some information which desktop environment you're using and how you mounted those removable drives.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
User avatar
doktor5000
 
Posts: 18052
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany


Return to General discussions about Mageia

Who is online

Users browsing this forum: No registered users and 1 guest

cron