Trouble with /etc/sudoers file

Hello everybody,
I meet a bit trouble with /etc/sudoers file. My trouble is:
My account is “banhbaochay”, I want to run as root, so I edit sudoers with visudo. I do as follow steps:

  1. switch root and type visudo
  2. I add the line at the end of file:
banhbaochay ALL=(ALL)     ALL
  1. Save and quit visudo
    But when I’m in banhbaochay account and type
$ sudo head -3 /etc/shadow
root's password:

I type banhbaochay’s password but reply is incorrect. :frowning:
I don’t know where’s my mistake? Can you help me?
Thanks for reading

EDIT: I use openSUSE 11.2 - 64bit, KDE 4.4

You need to set the targetpw option off if you want to use your own password. See man page for sudoers. Note that this means anybody on your machine can become root with their own password, so you may want to restrict the effect to just yourself.

Oh, thank you very much. It’s my fool :smiley:
It’s done.

EDIT: How can I mark [SOLVED] to the topic 's header? I can’t see the edit button in my first post?

banhbaochay wrote:
> EDIT: How can I mark [SOLVED] to the topic 's header? I can’t see the
> edit button in my first post?

can’t edit after about 10 minutes, and can’t add solved to the header…

for the why’s on both of those used the forum advanced search function
to look in the
http://forums.opensuse.org/forums-feedback/forums-comments-suggestions/


DenverD (Linux Counter 282315)
CAVEAT: http://is.gd/bpoMD
posted via NNTP w/TBird 2.0.0.23 | KDE 3.5.7 | openSUSE 10.3
2.6.22.19-0.4-default SMP i686
AMD Athlon 1 GB RAM | GeForce FX 5500 | ASRock K8Upgrade-760GX |
CMedia 9761 AC’97 Audio

Opp, I 've got a new trouble in my sudoers file. Here is my sudoers fie:

In the default (unconfigured) configuration, sudo asks for the root password.

This allows use of an ordinary user account for administration of a freshly

installed system. When configuring sudo, delete the two

following lines:

Defaults targetpw
ALL ALL = (ALL) ALL
Defaults:banhbaochay passwd_timeout=0,timestamp_timeout=0

Runas alias specification

User privilege specification

root ALL = (ALL) ALL
banhbaochay ALL = (root) /usr/sbin/rcmysql

As ken_yap 's advise, I comment the line “Defaults targetpw” then I type:

sudo /usr/sbin/rcmysql status

System show “banhbaochay’s password:”, it’s done. But when I type any root command, system always ask me “banhbaochay’s passwor:”, not “root’s password:”. It’s not good, I only want to set 1 command rcmysql to banhbaochay account, the others root command must run with root password.

If I comment more line “ALL ALL=(ALL) ALL” as my sudoers 's advise “delete 2 line follow”, when I type other root command, system still ask me banhbaochay’s password. After typing banhbaochay’s password, system show “banhbaochay is not allowed to execute … as root”.
Can you help me :frowning:

Read man sudoers for how to restrict the default to one command. It’s this paragraph:

   Certain configuration options may be changed from their default values
   at runtime via one or more Default_Entry lines.  These may affect all
   users on any host, all users on a specific host, a specific user, a
   specific command, or commands being run as a specific user.  Note that
   per-command entries may not include command line arguments.  If you
   need to specify arguments, define a Cmnd_Alias and reference that
   instead.

Thus, Can I config sudoers for: “In banhbaochay account, I can use 1 root command with banhbaochay’s password and use the others root command with root’s password”?

I search with google about sudoers but I only find information for how to write a line as “user host=(root…) command”.

Look at the description in man sudoers, it says that the format of a Default_Entry is:

Default_Entry ::= Default_Type Parameter_List

and a Default_Type is:

Default_Type ::= 'Defaults' '!' Cmnd_List

for the case of restricting the effect to specified commands. Parameter_List is simply ! targetpw to turn it off. So in your case, it would be:

Defaults ! restartmysql ! targetpw

where restartmysql is a Cmnd_Alias, to get around the restriction that the commands be one word each.

Oh, I’m sorry, It’s my fault for not seeing man sudoers as you advised first. I’m seeing man page sudoers and your last post.
Thank you very much :smiley: