(Woops. I keep forgetting debian-user does the return address right.) On Wed, Jan 4, 2012 at 8:26 PM, chengshid <chengs...@gmail.com> wrote: > 于 2012年01月04日 14:45, Bob Proulx 写道: > >> chengshid wrote: >>> >>> "sudo" command passwd is not canceled since i modify the follows files. >>> /usr/share/polkit-1/actions/ and /etc/pam.d/ >>> >>> the /etc/sudoers file have modified with no required passwd. >>> >>> help me! thanks. >> >> I do not understand what you are asking. Are you saying that it is >> not requiring a password now? The default password timeout is 15 >> minutes. >> >> Use 'sudo -k' to revoke your permissions. >> >> use 'sudo -l' to list information about what you are allowed. This >> will display any NOPASSWD flags set in the file. >> >> Bob > > $sudo -l > env_reset, > > secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin > > (ALL : ALL) NOPASSWD: ALL > (ALL : ALL) ALL > > This my content of sudoers > # > # This file MUST be edited with the 'visudo' command as root.
Just in case, I'll ask. You didn't edit /etc/sudoers or any files under /etc/sudoers.d directly, of course? (Took me a while to find the "visudo -f <file>" option for the included files.) > # Please consider adding local content in /etc/sudoers.d/ instead of > # directly modifying this file. > # > # See the man page for details on how to write a sudoers file. > # > Defaults env_reset > Defaults > secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$ > > # Host alias specification > > # User alias specification > > # Cmnd alias specification > > # User privilege specification > root ALL=(ALL:ALL) ALL Odd that root would have to use the password where all the rest don't. But, ... > user ALL=(ALL:ALL)NOPASSWD: ALL That's a huge security hole. You don't want to do that. That's almost the same thing as letting root log in without a password. You should have one user that you only log in to for administration purposes. You might be tempted to call the user "admin" but it's better not to use a name that is easily guessed. Let's say I call my administrator user "bigboy". (I don't, but let's say I do.) Then that line would be user bigboy=(ALL:ALL)NOPASSWD: ALL which is better, but not by a whole lot. It's best to just get used to using the password, and, in fact, I would leave off the network ALL. > # Allow members of group sudo to execute any command > %sudo ALL=(ALL:ALL) ALL It doesn't look like you've defined any users in the %sudo group. (That would be like an administration group, and you can call it something else, if you want, maybe "admin".) > # See sudoers(5) for more information on "#include" directives: > > #includedir /etc/sudoers.d > > Thanks! I'm going to repeat myself. Maybe you're just practicing on that computer, so you don't want to have fight with password issues in addition to figuring out what the commands mean and how to use them. But then you'll be learning bad habits too. The goal of disabling passwords is not a good goal. As far as your problems with ACLs, I'm not going to comment on that. -- Joel Rees -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAAr43iM=08=neepmj1ejx5ht4lnmksuvxxytwp+bvojjb3s...@mail.gmail.com
