i name it “root” (i just do “bg new root sudo -i” to create it from user phil). i usually start one background shell and run “sudo -i” on it. I have a background system (based on screen) that i can stuff input into. i did set up a few specific users (like admin and phil) to be able to use it, all with no password (on my laptop no one else uses). The sed command disables the #includedir directive that would allow any files in subdirectories to override these inline updates.I do use sudo, but i know almost nothing about configuring it. The sed command does inline updates to the /etc/sudoers file to allow foo and root users passwordless access to the sudo group.The home directory is set to /home/foo.The user foo is added to the both the foo and sudo group.Sed -i /etc/sudoers -re 's/^#includedir.*/# Removed the #include directive! #"/g' & \Įcho "Customized the sudoers file for passwordless access!" & \Įcho "foo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers & \Įcho "root ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers & \Įcho "foo user:" su foo -c 'whoami & id' & \Įcho "root user:" su root -c 'whoami & id' Sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' & \ Sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' & \ Useradd -U foo -m -s /bin/bash -p foo -G sudo & passwd -d foo & passwd -d root & \ This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline with the base image of ubuntu:18.04: RUN \ It looks like this: #includedir /etc/sudoers.d This is a sneaky little directive, as it appears to be a commented line upon first glance. Is it because the user nicholsonjf was inheriting sudo rights from the two group specifications of admin and sudo (seen below in the sudoers file), which were overriding the nicholsonjf user specification because they were further down in the config file?Īs I was researching this, I realized that there's a line in the /etc/sudoers file that is not a comment, but a directive that makes any file or folder under the directory /etc/sudoers/* override the contents of /etc/sudoers. I was only able to start running sudo commands as nicholsonjf once I removed nicholsonjf from the sudo and admin groups. However this did not work, and I was still prompted for my password every time I ran a command as nicholsonjf. # See sudoers(5) for more information on "#include" directives: # Allow members of group sudo to execute any command # Members of the admin group may gain root privileges # See the man page for details on how to write a sudoers file.ĭefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # Please consider adding local content in /etc/sudoers.d/ instead of Initially, my only change to the sudoers file ( /etc/sudoers) was one line, a user specification that should have enabled nicholsonjf to run all commands with sudo without having to enter a password (see the line that starts with nicholsonjf): # This file MUST be edited with the 'visudo' command as root. I understand it's a huge security risk to enable NOPASSWD sudo. NOTE: I have made these changes on a dedicated machine running Ubuntu Desktop 13.04, that I use purely for learning purposes. This is a fairly complex question related to the sudoers file and the sudo command in general.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |