Hello:
I found that the command sudo in SLES can only work based on root
password. So, I am wondering, is it possible to add common user and
their own passsword to use sudo?
albumns’s Profile: http://forums.novell.com/member.php?userid=48883
View this thread: http://forums.novell.com/showthread.php?t=444454
Hi albumns,
I’m not sure I understand what you’re trying to achieve… If a regular
user invokes “sudo” and the configuration does not specify “NOPASSWD:”
for the command to be run, then AFAIK the user will be prompted for
her/his password.
Regards,
Jens
jmozdzen’s Profile: http://forums.novell.com/member.php?userid=32246
View this thread: http://forums.novell.com/showthread.php?t=444454
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No, this is not completely accurate. There are two default setups I’ve
seen… the SUSE way and the Ubuntu (and probably Debian) way. The SUSE
way is that anytime sudo is called the target user (the user you want to
run the command as) must put in THEIR password. In most cases this is
the root user and so as a result the user running ‘sudo’ must also know
the root user’s password.
The other way of setting things up, the Debian way, is to require the
user running ‘sudo’ to put in their OWN password to change and become
another user.
Each way has its benefits… the former way lets anybody use sudo out
of the box as long as they know the ‘root’ user’s password. The latter
way means an admin can ensure nobody knows the root password (except the
admin of course) but requires that admin to setup which commands people
can run since, presumably, they do not know the root user’s password.
This is all controlled via the following line which is set in SUSE installs:
Defaults targetpw # ask for the password of the target user i.e. root
and it is important to note the following line which should only be
present if the previous line is there:
ALL ALL=(ALL) ALL #WARNING! Only use this together with 'Defaults targetpw
This line lets anybody run anything anywhere as anybody else… as long
as the other sudo requirements are met (in this case, that you know the
destination user’s password).
None of this has to do with NOPASSWD really, which lets sudo be used
without putting in any passwords as long as the other rules are met.
Good luck.
Want to yell at me in person?
Come to BrainShare 2011 in October: http://tinyurl.com/brainshare2011
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJOaiXqAAoJEF+XTK08PnB5SiEP/iy+8QuqRlLZmOoT4FDlyvkm
+ZKqfwMEawZEmXrAmuMF72Q6e1iCipOG6e8nKuX0S9MAjZUjwN+dg9/Jevu3IY5z
YL/DUN/AJqBeJYJuLXEgRgdlp5X3Z6mg0CYdxK6jQoZY+877jPqQEPfKwVTYnLbU
moH3xo5EzE8dOrQpBWOwXMsJvNWwDqbHUfpffClHHsZPhU7loOA0PDo9xbJfSPQh
b6+VnfOuy5/2AQRR7gfEWnmDWUS6nY1JcE0HgURfsdL+rGZhq9b+Kr98lmff2fQF
z7s3oGdyEf/6NJ6GBSRTOJ1C6F1VAEApfvAQEEEYdGCmgJ9Hz2QUzN++69Kcmr55
h2eWwHTpGDGWEBGjcb14TZsAdIlbfzPCqFGDfPIpVet+DzX3xoTCqw0UVEJCk3ny
FuKRSElo8f7L1j3UogSOqGfG6PLfW/3ET334t1ZzuOrg9tpeU6+4GzU2Xnzz0d64
unua35T0gC0RuVno2nKSpe4ZD8I7xeGjA5qcUpnrksVzlBffYCLsSp6pE+0AU/tz
of48CRT3tQzIxrKQpUj6uXbE8NyMKkG+7pj8KrmC64WfiHxPh47ofjyf4ILSQFsU
fUO36JcQFU6aSMU8+EqWRccVmweLW9brHtdJ/cWklGS58sWzp9eVemSSEwjO+lrj
86ZKUNl0UUCGD36EXPBk
=Dcsb
-----END PGP SIGNATURE-----
The SUSE way is that anytime sudo is called the target user (the user
you want to run the command as) must put in THEIR password. In most
cases this is the root user and so as a result the user running ‘sudo’
must also know the root user’s password.The other way of setting things up, the Debian way, is to require the
user running ‘sudo’ to put in their OWN password to change and become
another user.Each way has its benefits… the former way lets anybody use sudo out
of the box as long as they know the ‘root’ user’s password. The latter
way means an admin can ensure nobody knows the root password (except
the admin of course) but requires that admin to setup which commands
people can run since, presumably, they do not know the root user’s
password.[/color]
Sudo has two main security relevant advantages in comparison to “su”:
the ability to specify who can do what and no need to know the root
password.
If you use “targetpw” (what you describe as the SUSE way) you lose both:
the user who is restricted to run a specific command can simply use su.
Thorsten