I have granted one user a couple of permissions to other acccounts. I am running SLES 11 sp1 .
This I have done with yast (just to be sure) and afterwards also with /etc/sudoers file.
Now when I run a command it is asking for password, but I have used the option NOPASSWD.
When running sudo -l , it shows all the correct permissions
this is puzzling, why is it asking for a password, even when it’s configured not to use is
sudoer file:
Defaults always_set_home
Defaults env_reset
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
Defaults targetpw
ALL ALL = (ALL) ALL
root ALL = (ALL) ALL
ki ALL = (test1) NOPASSWD:ALL
ki ALL = (test2) NOPASSWD:ALL
ki All = (test3) NOPASSWD:ALL
ki ALL = (test4) NOPASSWD:ALL
sudo - l command on the user ki:
[CODE]
sudo -l
Matching Defaults entries for ki on this host:
always_set_home, env_reset, env_keep=“LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES
LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE”, targetpw
User bi may run the following commands on this host:
(ALL) ALL
(test1) NOPASSWD: ALL
(test2) NOPASSWD: ALL
(test3) NOPASSWD: ALL
(test4) NOPASSWD: ALL[/CODE]
You didn’t post the sudo command that you’re trying which prompts you for
the password. Be sure you’re specifying the target user, or else it
assumes root, which is not one of your options for NOPASSWD. I think the
syntax is “-u test1” for the sudo command.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
On 04/12/2015 15:54, ecanmaster wrote:
[color=blue]
I have granted one user a couple of permissions to other acccounts. I am
running SLES 11 sp1 .
This I have done with yast (just to be sure) and afterwards also with
/etc/sudoers file.
Now when I run a command it is asking for password, but I have used the
option NOPASSWD.
When running sudo -l , it shows all the correct permissions
this is puzzling, why is it asking for a password, even when it’s
configured not to use is
sudoer file:
Code:
Defaults always_set_home
Defaults env_reset
Defaults env_keep = “LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE”
Defaults targetpw
ALL ALL = (ALL) ALL
root ALL = (ALL) ALL
ki ALL = (test1) NOPASSWD:ALL
ki ALL = (test2) NOPASSWD:ALL
ki All = (test3) NOPASSWD:ALL
ki ALL = (test4) NOPASSWD:ALL
sudo - l command on the user ki:
Code:
sudo -l
Matching Defaults entries for ki on this host:
always_set_home, env_reset, env_keep=“LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES
LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE”, targetpw
User bi may run the following commands on this host:
(ALL) ALL
(test1) NOPASSWD: ALL
(test2) NOPASSWD: ALL
(test3) NOPASSWD: ALL
(test4) NOPASSWD: ALL
--------------------[/color]
The output you’ve posted suggests that whilst your sudoers file
references user ki, the sudo -l output mentions bi …
HTH.
Simon
SUSE Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
sorry guys for the late reply, because of the weekend , I completely forgot
did do a lot of googling, but this is an interesting problem,
this looks like a conflict with permissions, but I couldn’t find any
here is the error:
On 12/08/2015 06:44 AM, ecanmaster wrote:[color=blue]
the command “-u test1” doesnt work,[/color]
Well, that was not the whole command. This is meant to be an argument to
‘sudo’ to tell it the target user to use (instead of the default, ‘root’).
[color=blue]
it doesnt recognize the -u option
do you mean "sudo -u test ‘command’ "?[/color]
Yes, exactly. Also, do not test with bash builtins (‘cd’) as they are no
likely never going to work. ‘ls’ would be a valid option for you perhaps,
since that is a real command which probably does not work now for your
current user (due to permissions) but would with the appropriate target user.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
The issue could be that the user has sudo permission to different account and because it doesnt know which account to select it uses root account,
could this be the case?
probably if this user had sudo permissions to one account, it wouldnt have this issue
is there a way to make things easier, instead of using the "-u user " ?
or what is the best practice for this situations?
anyway, thx for your help so far , learned something new
On 12/08/2015 07:24 AM, ecanmaster wrote:[color=blue]
I did "sudo -u test ls " instead of cd[/color]
Glad to hear that.
[color=blue]
The issue could be that the user has sudo permission to different
account and because it doesnt know which account to select it uses root
could this be the case?[/color]
I would bet this is highly unlikely. ‘sudo’ simply defaults to ‘root’, so
no matter how many definitions you have (comment out the others if you
want to test this in about one second), it defaults to ‘root’, which is
not the correct target user for your specific case, but is the proper
target user for about 99.9% of every case out there.
[color=blue]
probably if this user had sudo permissions to one account, it wouldnt
have this issue[/color]
Again, highly doubt it.
[color=blue]
is there a way to make things easier, instead of using the "-u user " ?
or what is the best practice for the situations?[/color]
Create an alias for the users, perhaps.
Look in the ‘sudoers’ manpage about Defaults to see if anything in there
works for you. Perhaps you can set the defaults to be one of the users,
but since you have multiples, that seems to only be decreasing your issue
by a relatively-small percentage (as would an alias as mentioned above).
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
Most of the time I have been using sudo for the root account and that explains the sudo command
however, in the sudoers file you can specify which command users can run and even permissions for a given account
in the yast menu this is defined clearly and I can add users account permissions ,
hope you know what I mean, so it seems this should be possible
take a look at the yast sudo menu
Exactly; the -i option is the one I usually use to become ‘root’ as well,
as it is less-redundant than other things people do like ‘sudo su -’ which
is basically the same thing, but with more typing. Since -i just means
make the session interactive, it lets you in, but instead of ‘-i’ you
could put any command (as you tested successfully earlier) for better
logging of what happens next.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…