Re: ssh and debian

Tue, 02 Oct 2001 15:27:58 -0500 

On Tue, Oct 02, 2001 at 01:21:19PM -0400, Brian Schramm wrote:
| Sorry for teh confusion.  I use ssh to log in and sudo to change to the
| superuser account.  I ment sudo and debian in my letter.  Now here is my

Ah, ok.

| problem.  I log into my remote machine by ssh and then change to the sudo
| system from there.  No matter what I have tried it never askes me for a
| password.  I have had this happen ever since I have used debian and I have
| never had it do that for me on any other system.  It does not matter if I
| am loged into the local console or a remote console.  Here is my sudoers
| file:
| 
| # sudoers file.
| #
| # This file MUST be edited with the 'visudo' command as root.
| #
| # See the man page for details on how to write a sudoers file.
| #
| 
| # Host alias specification
| 
| # User alias specification
| 
| # Cmnd alias specification
| 
| # User privilege specification
| root    ALL=(ALL) ALL
| bschramm    ALL=(ALL) ALL
| 
| This file works in other systems so I am not quite sure why it does not
| work as expected here.

It looks to me like that would require your password ... however a
quick test on my debian box shows that it doesn't.

Some snippets from 'man sudoers' that seem relevant :

       The reserved word ALL is a built in alias that always
       causes a match to succeed.  It can be used wherever one
       might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias,
       or Host_Alias.  You should not try to define your own
       alias called ALL as the built in alias will be used in
       preference to your own.  Please note that using ALL can be
       dangerous since in a command context, it allows the user
       to run any command on the system.
-----
       The User specification is the part that actually
       determines who may run what.

        root           ALL = (ALL) ALL
        %wheel         ALL = (ALL) ALL

       We let root and any user in group wheel run any command on
       any host as any user.

        FULLTIMERS     ALL = NOPASSWD: ALL

       Full time sysadmins (millert, mikef, and dowdy) may run
       any command on any host without authenticating themselves.

        PARTTIMERS     ALL = ALL

       Part time sysadmins (bostley, jwfox, and crawl) may run
       any command on any host but they must authenticate
       themselves first (since the entry lacks the NOPASSWD tag).
--------

Hmm, even using the PASSWD: option I still don't have to enter my
password.  I don't know why.


-D

Reply via email to