Results 1 to 7 of 7

Thread: Use zypper as sudoer configuration

  1. #1

    Default Use zypper as sudoer configuration

    I don't know why this doesn't work straightforward:


    If I use zypper to install sth it still says root is needed
    .
    Btw, I don't know if it's a bug or what, but everytime I edit the rule of sudoer, pressing "finish" gives a "can't write to rules, do you want to edit it again?"

    I then "yes" and "finish" again, the rule can be saved.
    openSUSE Leap 15.0

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Use zypper as sudoer configuration

    On 2013-05-19 11:36, bonedriven wrote:
    >
    > I don't know why this doesn't work straightforward:
    > [image: http://i.imgur.com/d9Yoesb.png]
    >
    > If I use zypper to install sth it still says root is needed


    Paste here, inside code tags⁽¹⁾:

    Code:
    su
    grep -v "^[[:space:]]*$|^#" /etc/sudoers
    exit

    > Btw, I don't know if it's a bug or what, but everytime I edit the rule
    > of sudoer, pressing "finish" gives a "can't write to rules, do you want
    > to edit it again?"


    I have never used that YaST module myself. I assume you are running it
    as root?

    > I then "yes" and "finish" again, the rule can be saved.


    Well, maybe there is a bug in that module and _you_ should report it :-)

    openSUSE:Submitting bug
    reports



    (1) Please use code tags for printouts and commands. Advanced editor,
    '#' button.
    Posting in Code Tags - A Guide



    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.1 x86_64 "Asparagus" at Telcontar)

  3. #3

    Default Re: Use zypper as sudoer configuration

    Hi Robin,
    Here's the result of the grep command:

    Code:
    ## sudoers file.##
    ## This file MUST be edited with the 'visudo' command as root.
    ## Failure to use 'visudo' may result in syntax or file permission errors
    ## that prevent sudo from running.
    ##
    ## See the sudoers man page for the details on how to write a sudoers file.
    ##
    
    
    ##
    ## Host alias specification
    ##
    ## Groups of machines. These may include host names (optionally with wildcards),
    ## IP addresses, network numbers or netgroups.
    # Host_Alias    WEBSERVERS = www1, www2, www3
    
    
    ##
    ## User alias specification
    ##
    ## Groups of users.  These may consist of user names, uids, Unix groups,
    ## or netgroups.
    # User_Alias    ADMINS = millert, dowdy, mikef
    
    
    ##
    ## Cmnd alias specification
    ##
    ## Groups of commands.  Often used to group related commands together.
    # Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
    #                           /usr/bin/pkill, /usr/bin/top
    
    
    ##
    ## Defaults specification
    ##
    ## Prevent environment variables from influencing programs in an
    ## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
    Defaults        always_set_home
    Defaults        env_reset
    ## Change env_reset to !env_reset in previous line to keep all environment variables
    ## Following list will no longer be necessary after this change
    
    
    Defaults        env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
    ## Comment out the preceding line and uncomment the following one if you need
    ## to use special input methods. This may allow users to compromise  the root
    ## account if they are allowed to run commands without authentication.
    #Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
    
    
    ## Do not insult users when they enter an incorrect password.
    Defaults        !insults
    
    
    ##
    ## Uncomment to enable logging of a command's output, except for
    ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
    # Defaults log_output
    # Defaults!/usr/bin/sudoreplay !log_output
    # Defaults!/sbin/reboot !log_output
    
    
    ## In the default (unconfigured) configuration, sudo asks for the root password.
    ## This allows use of an ordinary user account for administration of a freshly
    ## installed system. When configuring sudo, delete the two
    ## following lines:
    Defaults        targetpw
    ALL     ALL = (ALL) ALL   
    
    
    ##
    ## Runas alias specification
    ##
    
    
    ##
    ## User privilege specification
    ##
    root    ALL = (ALL) ALL
    Jake    ALL = (ALL) NOPASSWD:/usr/bin/zypper
    openSUSE Leap 15.0

  4. #4
    Join Date
    May 2010
    Location
    Space Colony Lagrange Point 22° à, 77° Ƅ, 56° ɤ, 99° ɜ
    Posts
    3,166

    Default Re: Use zypper as sudoer configuration

    Quote Originally Posted by bonedriven View Post
    I don't know why this doesn't work straightforward:


    If I use zypper to install sth it still says root is needed
    .
    Btw, I don't know if it's a bug or what, but everytime I edit the rule of sudoer, pressing "finish" gives a "can't write to rules, do you want to edit it again?"

    I then "yes" and "finish" again, the rule can be saved.
    Ignore the error
    The following entry works for me
    GNOME Version 3.20.2
    openSUSE Leap 42.3 64-bit

    www.vazhavandan.blogspot.com

  5. #5
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,118

    Default Re: Use zypper as sudoer configuration

    Quote Originally Posted by bonedriven View Post
    Hi Robin,
    Here's the result of the grep command:

    Code:
    ## sudoers file.##
    ## This file MUST be edited with the 'visudo' command as root.
    ## Failure to use 'visudo' may result in syntax or file permission errors
    ## that prevent sudo from running.
    ##
    ## See the sudoers man page for the details on how to write a sudoers file.
    ##
    
    
    ##
    ## Host alias specification
    ##
    ## Groups of machines. These may include host names (optionally with wildcards),
    ## IP addresses, network numbers or netgroups.
    # Host_Alias    WEBSERVERS = www1, www2, www3
    
    
    ##
    ## User alias specification
    ##
    ## Groups of users.  These may consist of user names, uids, Unix groups,
    ## or netgroups.
    # User_Alias    ADMINS = millert, dowdy, mikef
    
    
    ##
    ## Cmnd alias specification
    ##
    ## Groups of commands.  Often used to group related commands together.
    # Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
    #                           /usr/bin/pkill, /usr/bin/top
    
    
    ##
    ## Defaults specification
    ##
    ## Prevent environment variables from influencing programs in an
    ## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
    Defaults        always_set_home
    Defaults        env_reset
    ## Change env_reset to !env_reset in previous line to keep all environment variables
    ## Following list will no longer be necessary after this change
    
    
    Defaults        env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
    ## Comment out the preceding line and uncomment the following one if you need
    ## to use special input methods. This may allow users to compromise  the root
    ## account if they are allowed to run commands without authentication.
    #Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
    
    
    ## Do not insult users when they enter an incorrect password.
    Defaults        !insults
    
    
    ##
    ## Uncomment to enable logging of a command's output, except for
    ## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
    # Defaults log_output
    # Defaults!/usr/bin/sudoreplay !log_output
    # Defaults!/sbin/reboot !log_output
    
    
    ## In the default (unconfigured) configuration, sudo asks for the root password.
    ## This allows use of an ordinary user account for administration of a freshly
    ## installed system. When configuring sudo, delete the two
    ## following lines:
    Defaults        targetpw
    ALL     ALL = (ALL) ALL   
    
    
    ##
    ## Runas alias specification
    ##
    
    
    ##
    ## User privilege specification
    ##
    root    ALL = (ALL) ALL
    Jake    ALL = (ALL) NOPASSWD:/usr/bin/zypper
    You see there:
    Code:
    ## In the default (unconfigured) configuration, sudo asks for the root password.
    ## This allows use of an ordinary user account for administration of a freshly
    ## installed system. When configuring sudo, delete the two
    ## following lines:
    Defaults        targetpw
    ALL     ALL = (ALL) ALL
    My advice would be to do as said.
    Henk van Velden

  6. #6

    Default Re: Use zypper as sudoer configuration

    Quote Originally Posted by bonedriven View Post
    If I use zypper to install sth it still says root is needed
    .
    Just to be clear:
    If you just call "zypper" you are running it as user, not root!
    You have to run it with "sudo", then it gets run as root and you shouldn't be asked for the root passwd anymore because of your sudoers settings.
    Code:
    sudo zypper in xxx

  7. #7

    Default Re: Use zypper as sudoer configuration

    Quote Originally Posted by wolfi323 View Post
    Just to be clear:
    If you just call "zypper" you are running it as user, not root!
    You have to run it with "sudo", then it gets run as root and you shouldn't be asked for the root passwd anymore because of your sudoers settings.
    Code:
    sudo zypper in xxx
    Alright...this is my problem. Thanks.
    openSUSE Leap 15.0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •