On Sat, May 13, 2023 at 09:07:19AM -0700, Kushal Kumaran wrote:
[...]
> The benefit is that there is no shared password. [...]
Thanks. This is one very good point indeed.
Cheers
--
t
signature.asc
Description: PGP signature
On Sat, May 13 2023 at 01:51:03 AM, Lee wrote:
> On 5/12/23, DdB wrote:
>> Am 13.05.2023 um 00:03 schrieb Lee:
>>> On 5/12/23, Stefan Monnier wrote:
> Or configure sudo to disable tty_tickets, so that the timeout (10
> minutes by default IIRC) applies to all terminals.
`sudo ba
to...@tuxteam.de wrote:
> Security is engineering: always looking for a good tradeoff.
> Not magic.
>
> (That's why I cringe when people around here scaremonger about
> "you NEED to have a password" and things. People should know
> what they are getting into, for sure, but at the same time they
>
wrote:
> On Sat, May 13, 2023 at 10:35:31AM +0200, Michel Verdier wrote:
> > Le 12 mai 2023 tomas a écrit :
> >
> > >> > `sudo bash` anyone?
> > >>
> > >> also quicker done with
> > >> su -
> > >
> > > But not the same.
> >
> > Which differences do you see ?
>
> For su, you have to e
DdB (12023-05-13):
> The kind of mistakes, any user (including yourself) can initiate, grows
> considerably, if he can use any commands without even thinking.
You are right with this principle but you are mistaken in applying it.
If you want to teach users to think before typing the password, then
On Sat, May 13, 2023 at 10:35:31AM +0200, Michel Verdier wrote:
> Le 12 mai 2023 tomas a écrit :
>
> >> > `sudo bash` anyone?
> >>
> >> also quicker done with
> >> su -
> >
> > But not the same.
>
> Which differences do you see ?
For su, you have to enter the root password. For sudo, there
are
Le 12 mai 2023 tomas a écrit :
>> > `sudo bash` anyone?
>>
>> also quicker done with
>> su -
>
> But not the same.
Which differences do you see ?
On 5/12/23, DdB wrote:
> Am 13.05.2023 um 00:03 schrieb Lee:
>> On 5/12/23, Stefan Monnier wrote:
Or configure sudo to disable tty_tickets, so that the timeout (10
minutes by default IIRC) applies to all terminals.
>>>
>>> `sudo bash` anyone?
>>
>> me! me! but I also have
> (...)
>> %
Am 13.05.2023 um 00:03 schrieb Lee:
> On 5/12/23, Stefan Monnier wrote:
>>> Or configure sudo to disable tty_tickets, so that the timeout (10
>>> minutes by default IIRC) applies to all terminals.
>>
>> `sudo bash` anyone?
>
> me! me! but I also have
(...)
> %adm ALL = (root) NOPASSWD:
On 5/12/23, Stefan Monnier wrote:
>> Or configure sudo to disable tty_tickets, so that the timeout (10
>> minutes by default IIRC) applies to all terminals.
>
> `sudo bash` anyone?
me! me! but I also have
# cat /etc/sudoers.d/adm-grp-privs
# members of adm can run certain commands as root w
On 2023-05-12, Tom Reed wrote:
>> Tom Reed (12023-05-12):
>>> otherwise every time i have to input password for sudo.
>>
>> Yes, that is the point.
>>
>> If “every time” is a lot for you, maybe your use habits need to be
>> reviewed.
>>
>
> that's normal. for example, I have to check every kind of
On Fri, May 12, 2023 at 05:46:21PM +0200, Michel Verdier wrote:
> Le 12 mai 2023 Stefan Monnier a écrit :
>
> >> Or configure sudo to disable tty_tickets, so that the timeout (10
> >> minutes by default IIRC) applies to all terminals.
> >
> > `sudo bash` anyone?
>
> also quicker done with
> su -
Le 12 mai 2023 Stefan Monnier a écrit :
>> Or configure sudo to disable tty_tickets, so that the timeout (10
>> minutes by default IIRC) applies to all terminals.
>
> `sudo bash` anyone?
also quicker done with
su -
On 12/05/2023 21:00, Byung-Hee HWANG (황병희) wrote:
On Fri, 2023-05-12 at 08:25 -0400, Stefan Monnier wrote:
`sudo bash` anyone?
AMAZING! Thanks for tip, Stefan ^^^
Isn't it a way to get e.g. ~/.bash_history owned by root?
sudo -i
should be better
Hi Stefan,
On Fri, 2023-05-12 at 08:25 -0400, Stefan Monnier wrote:
> > Or configure sudo to disable tty_tickets, so that the timeout (10
> > minutes by default IIRC) applies to all terminals.
>
> `sudo bash` anyone?
>
AMAZING! Thanks for tip, Stefan ^^^
Sincerely, Byung-Hee
--
^고맙습니다 _布德天下
Le 12 mai 2023 Tom Reed a écrit :
> that's normal. for example, I have to check every kind of logs (mail,
> webserver, systems etc). They require sudo then.
Logs are with adm gid, so just add your user to the group adm to be able
to consult logs.
Stefan Monnier (12023-05-12):
> `sudo bash` anyone?
Why not “sudo start-gnome” or logging as root on the display manager
while you are at it?
Regards,
--
Nicolas George
> Or configure sudo to disable tty_tickets, so that the timeout (10
> minutes by default IIRC) applies to all terminals.
`sudo bash` anyone?
Stefan
Greg Wooledge (12023-05-12):
> If you're launching a terminal, running a single sudo command, closing
> the terminal, opening a new terminal, etc. ... then perhaps you should
> stop doing that. Leave your terminal open, at least until you're done
> with whatever administrative task you're doing.
On Fri, May 12, 2023 at 08:13:31PM +0800, Tom Reed wrote:
> that's normal. for example, I have to check every kind of logs (mail,
> webserver, systems etc). They require sudo then.
If you check the logs all at once, as part of a daily routine, then you
only have to type the password one time, at t
On Fri, May 12, 2023 at 07:27:25PM +0800, Tom Reed wrote:
> Hello
>
> what's the right way to add an user to run sudo without password?
> I have to edit /etc/sudoers by manual. But I don't think it's a grace way.
>
> Thanks.
> Tom
>
As others have said: sudo is *designed* this way - you have to
Tom Reed (12023-05-12):
> that's normal. for example, I have to check every kind of logs (mail,
> webserver, systems etc). They require sudo then.
No they do not. You just have to adjust files permissions if they are
not correct by default, which they usually are.
My crystal ball tells me you neg
On Fri, May 12, 2023 at 08:03:00PM +0800, Tom Reed wrote:
> for a common account, such as tom, a nopasswd sudo also makes sense?
> otherwise every time i have to input password for sudo.
Within a given terminal session, you only have to enter your passwors
once. This will allow passwordless sudo
> Tom Reed (12023-05-12):
>> otherwise every time i have to input password for sudo.
>
> Yes, that is the point.
>
> If “every time” is a lot for you, maybe your use habits need to be
> reviewed.
>
that's normal. for example, I have to check every kind of logs (mail,
webserver, systems etc). They
Tom Reed (12023-05-12):
> otherwise every time i have to input password for sudo.
Yes, that is the point.
If “every time” is a lot for you, maybe your use habits need to be
reviewed.
Regards,
--
Nicolas George
> On Fri, May 12, 2023 at 07:27:25PM +0800, Tom Reed wrote:
>> what's the right way to add an user to run sudo without password?
>> I have to edit /etc/sudoers by manual. But I don't think it's a grace
>> way.
>
> *Without password*?? Yes, that will require a manual edit.
>
> There is no "graceful
On Fri, May 12, 2023 at 07:27:25PM +0800, Tom Reed wrote:
> what's the right way to add an user to run sudo without password?
> I have to edit /etc/sudoers by manual. But I don't think it's a grace way.
*Without password*?? Yes, that will require a manual edit.
There is no "graceful way" to gran
On Tue, Apr 30, 2013 at 04:10:41PM -0500, Michael wrote:
> Is there any (significant) difference between editing (adding a user
> to) the _/etc/sudoers_ file and adding a person to the _admin
> group?_ Am I comparing apples and oranges?
Yes, it's different.
The admin group is a normal UNIX grou
Michael wrote:
> Is there any (significant) difference between editing (adding a user
> to) the _/etc/sudoers_ file and adding a person to the _admin
> group?_ Am I comparing apples and oranges?
There is no default "admin" group. I think you are referring to the
"sudo" group. (There is an "adm
Jean-Marc writes:
> Michael wrote:
>> Is there any (significant) difference between editing (adding a user to)
>> the _/etc/sudoers_ file and adding a person to the _admin group?_ Am I
>> comparing apples and oranges?
> Usually, groups are used on GNU/Linux for access control, to control a
On Tue, 30 Apr 2013 16:10:41 -0500
Michael wrote:
Hi Michael,
> Is there any (significant) difference between editing (adding a user to)
> the _/etc/sudoers_ file and adding a person to the _admin group?_ Am I
> comparing apples and oranges?
Usually, groups are used on GNU/Linux for access con
Antispammbox-debian wrote:
I use some utility like TrueCrypt and gmountiso that using sudo.
I've added myself to the group sudo:
sudo adduser myself
This does not achieve what you want:
usermod -a -G sudo $user
newgrp sudo $user
change "$user" for your user name.
That creates a new user
Antispammbox-debian wrote:
> I use some utility like TrueCrypt and gmountiso that using sudo.
> I've added myself to the group sudo:
> sudo adduser myself
That creates a new user called "myself". It does not add anyone to the
"sudo" group.
> and modified with nano visudo, the sudoers file.
> u
On Mon, Mar 26, 2012 at 09:39:44PM +0200, Antispammbox-debian wrote:
> I've added myself to the group sudo:
> sudo adduser myself
This is wrong. You need to
# adduser $USER $GROUP
From man adduser :
adduser [options] user group
Add an existing user to an existing group
If called with
Tom H wrote:
> I've just re-read the sudoers man page (after a VERY long time),
> thinking that it would help me "refudiate" the fact that the
> "Defaults" line had some in-built, unlisted defaults, when in fact,
> I've been misusing "sudo -L" for more years than I care to remember...
And I see th
On Tue, Aug 16, 2011 at 6:37 AM, Walter Hurry wrote:
> On Mon, 15 Aug 2011 17:33:58 -0400, Tom H wrote:
>
>> "sudo -L" lists the full list of "Defaults". I'd be very surprised if
>> even one of these isn't set.
>
> Then prepare for a surprise. Vanilla /etc/sudoers in Squeeze:
>
> # /etc/sudoers
>
On Mon, 15 Aug 2011 17:33:58 -0400, Tom H wrote:
> "sudo -L" lists the full list of "Defaults". I'd be very surprised if
> even one of these isn't set.
Then prepare for a surprise. Vanilla /etc/sudoers in Squeeze:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
#
On Mon, Aug 15, 2011 at 3:51 PM, Walter Hurry wrote:
> On Mon, 15 Aug 2011 13:12:04 -0600, Bob Proulx wrote:
>> Tom H wrote:
>>> Both are set by default.
>>
>> Just tty_tickets is set by default. requiretty is off by default.
>>
>> $ man 5 sudoers
>>
>> tty_tickets If set, users must
Walter Hurry wrote:
> Bob Proulx wrote:
> > Best would be to run 'sudo -l' and see what flags are actually set at
> > the time. And remember that /etc/sudoers.d/* is a directory of
> > additional snippets that are also included into the configuration.
>
> For what it is worth, I'm not sure that t
On Mon, 15 Aug 2011 13:12:04 -0600, Bob Proulx wrote:
> Tom H wrote:
>> Both are set by default.
>
> Just tty_tickets is set by default. requiretty is off by default.
>
> $ man 5 sudoers
>
>tty_tickets If set, users must authenticate on a per-tty
>basis.
>
Andrew Critchlow wrote:
Does anyone have any information on the package "sudoers", such as what it is
and why and what?
$ man sudo
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can expla
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew Critchlow wrote:
> How would I know if sudoers is already installed on my system? Is
> sudoers the same as when you type >su - to get root access?
> I can't seem to find sudoers in apt?
>
>
Greetings Andrew:
The package name is sudo. You
On (12/10/06 12:29), Andrew Critchlow wrote:
> How would I know if sudoers is already installed on my system? Is
> sudoers the same as when you type >su - to get root access?
> I can't seem to find sudoers in apt?
The package is called sudo
dpkg -l | grep sudo
ii sudo
On Thu, 2006-10-12 at 12:29 +, Andrew Critchlow wrote:
> How would I know if sudoers is already installed on my system? Is
> sudoers the same as when you type >su - to get root access?
> I can't seem to find sudoers in apt?
>
>
no that's "su" not "sudo"
given
apt-cache search sudoer
re
How would I know if sudoers is already installed on my system? Is sudoers the same as when you type >su - to get root access?
I can't seem to find sudoers in apt?
thanks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew Critchlow wrote:
> Does anyone have any information on the package "sudoers", such as what
> it is and why and what?
>
>
>
>
> thanks
Greetings Andrew:
You can use the sudo program to give regular users the rights to run
certain progra
On (12/10/06 11:14), Andrew Critchlow wrote:
> Does anyone have any information on the package "sudoers", such as
> what it is and why and what?
$ apropos sudoers
sudoers (5) - list of which users may execute what
visudo (8) - edit the sudoers file
then use man
$ man sudoers
47 matches
Mail list logo
