
Thread: editing sudoers?


  1. #1
    Join Date
    May 2011
    Location
    here
    Posts
    180

    Default editing sudoers?

    hi,

    wonder how to edit /etc/sudoers to give permission to users to run mount / unmount commands, and also to give permission to add a new group?
    I am aware that if I add something like this:
    Code:
    fred		ALL = (ALL) NOPASSWD: ALL
    fred will have root privileges, but I want him to be able to add new users and mount/unmount only.

  2. #2
    Join Date
    Jul 2011
    Location
    Alpharetta, Georgia, USA
    Posts
    289

    Default Re: editing sudoers?

    Try something like this:

    fred ALL = NOPASSWD: /usr/sbin/useradd, /bin/mount, /bin/umount

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: editing sudoers?

    But remember that with this simple scheme fred can come along with a USB HD containing a suid root shell and then it's game over.

  4. #4
    Join Date
    May 2011
    Location
    here
    Posts
    180

    Default Re: editing sudoers?

    Quote Originally Posted by ken_yap View Post
    But remember that with this simple scheme fred can come along with a USB HD containing a suid root shell and then it's game over.
    thanks gldickens,

    ken, suid root is good to know. Actually it's just my curiosity about editing /etc/sudoers, and fred is just a randomly picked name, so only I can do harm to my openSUSE

  5. #5
    Join Date
    Jul 2011
    Location
    Alpharetta, Georgia, USA
    Posts
    289

    Default Re: editing sudoers?

    Quote Originally Posted by ken_yap View Post
    But remember that with this simple scheme fred can come along with a USB HD containing a suid root shell and then it's game over.
    I agree about your point regarding the security risk of sudoer. However, practically speaking, the security risk is no worse than other risks that we accept in our installations in general. After all, the only thing that anyone needs to completely compromise an existing installation is an installation CD or DVD. So, anybody can come along with any distro's boot disk, boot any linux system from that installation media, mount the hard drive and access/delete/modify the entire hard drive's file system. Game completely over.....

  6. #6
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: editing sudoers?

    Quote Originally Posted by gldickens3 View Post
    I agree about your point regarding the security risk of sudoer. However, practically speaking, the security risk is no worse than other risks that we accept in our installations in general. After all, the only thing that anyone needs to completely compromise an existing installation is an installation CD or DVD. So, anybody can come along with any distro's boot disk, boot any linux system from that installation media, mount the hard drive and access/delete/modify the entire hard drive's file system. Game completely over.....
    Yes, but this kind of sudo hole can be exploited remotely, and so is more serious than access to the physical machine. How? Just mount an image containing a suid root shell using loopback.

  7. #7
    Join Date
    May 2011
    Location
    here
    Posts
    180

    Default Re: editing sudoers?

    have another question on editing the sudoers file, it's beyond security: can I edit sudoers in a way that allows me to copy files between different partitions without being asked for the root password?

  8. #8
    Join Date
    Jul 2011
    Location
    Alpharetta, Georgia, USA
    Posts
    289

    Default Re: editing sudoers?

    Quote Originally Posted by loand View Post
    have another question on editing the sudoers file, it's beyond security: can I edit sudoers in a way that allows me to copy files between different partitions without being asked for the root password?
    Just add the cp command to the line in /etc/sudoers such as:

    fred ALL = NOPASSWD: /usr/sbin/useradd, /bin/mount, /bin/umount, /bin/cp

  9. #9
    Join Date
    May 2011
    Location
    here
    Posts
    180

    Default Re: editing sudoers?

    will do that

  10. #10
    Join Date
    May 2011
    Location
    here
    Posts
    180

    Default Re: editing sudoers?

    ok, /bin/cp works when I copy files within the same partition, but I am getting
    Code:
    andre@andrzej:~/Documents/Scripts> cp -r Copy1/ /windows/D/
    cp: cannot create directory `/windows/D/Copy1': Permission denied
    when I try to copy between the Linux and Windows partitions
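
Added example, not part of any post in this thread: a small sh/awk lint that reads sudoers-style rules and reports command specs that accept any arguments, which is the property behind the mount concern raised in posts #3 and #6. The function names, the third sample rule, and its device /dev/sdb1 and mount point /mnt/usb are assumptions made for illustration; a NOPASSWD tag is treated as covering the whole line, which simplifies real sudoers tag scoping.

```shell
#!/bin/sh
# Added example: lint sudoers-style rules for commands that accept any arguments.
# Simplification: a NOPASSWD tag is treated as covering the whole line.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        user = $1
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)/, "", spec)      # drop the optional (runas) list
        nopass = (spec ~ /NOPASSWD:/) ? "NOPASSWD " : ""
        gsub(/(NOPASSWD|PASSWD):/, "", spec)
        gsub(/\\,/, SUBSEP, spec)              # protect escaped commas in arguments
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            gsub(SUBSEP, ",", c)
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "") continue
            if (c == "ALL")
                print user ": " nopass "ALL grants every command"
            else if (c !~ /[ \t]/)             # bare path: sudo allows any arguments
                print user ": " nopass c " accepts any arguments"
            else if (c ~ /\/mount[ \t]/ && c !~ /nosuid/)
                print user ": " nopass c " mounts without nosuid"
        }
    }'
}

# Rules 1 and 2 follow the rules posted in the thread; rule 3 is constructed
# (hypothetical device /dev/sdb1 and mount point /mnt/usb) to show a grant
# pinned to exact arguments. Commas inside arguments are escaped for sudoers.
sample_rules() {
    cat <<'EOF'
fred ALL = (ALL) NOPASSWD: ALL
fred ALL = NOPASSWD: /usr/sbin/useradd, /bin/mount, /bin/umount, /bin/cp
fred ALL = NOPASSWD: /bin/mount -o nosuid\,nodev /dev/sdb1 /mnt/usb, /bin/umount /mnt/usb
EOF
}

sample_rules | audit_sudoers
```

The lint only inspects rule text; syntax checking of a real file is still the job of `visudo -c`.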
