[Eug-lug] Sudoers question
Allen Brown
abrown at peak.org
Wed Apr 4 11:31:22 PDT 2007
Michael Miller wrote:
> I advise you to read the man pages for your distribution. There
> may be a sudoers group set up that you may need to be in.
>
> -Miller
I have found sudo to be essential, but a PITA. (See first defn)
http://www.acronymfinder.com/af-query.asp?Acronym=PITA&Find=Find&String=exact
The main problem I have with sudo is its error checking. Basically
there is only one error message: syntax error. Missing punctuation?
Syntax error. Failed to define a symbol? Syntax error.
I've spent hours finding an error which would have been trivial
with a better error report. Granted, writing good error messages
is not trivial. But the author of sudo didn't even try.
Another complication is that if your sudo is configured to give
passwordless validation for 5 minutes after you have validated
once, it becomes hard to know if you have your configuration
working correctly.
In any case, here is a copy of my sudoers file.
# ========= Runas alias specification =========
Runas_Alias AS_ROOT=root
# ========= Cmnd alias specification =========
Cmnd_Alias UNRESTRICTEDCOMMAND=\
/usr/local/sbin/networklog,\
/usr/bin/apm --suspend,\
/usr/bin/updatedb
# ========= Defaults =========
Defaults !lecture,tty_tickets,!fqdn
# ========= User privilege specification =========
root ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
ALL ALL=(AS_ROOT) NOPASSWD: UNRESTRICTEDCOMMAND
This is not exactly what you asked for, but it should be
close. I have given unrestricted access to a few
commands. You may want to restrict such access to only
yourself.
And your current line
martin ALL = (ALL) ALL
is fine and would probably be used in place of my line
%admin ALL=(ALL) ALL
which I inherited from my Ubuntu install.
--
Allen Brown abrown at peak.org http://brown.armoredpenguin.com/~abrown/
The illusion of freedom will continue as long as it's profitable
to continue the illusion. At the point where the illusion becomes
too expensive to maintain, they will just take down the scenery,
they will pull back the curtains, they will move the tables and
chairs out of the way, and you will see the brick wall at the back
of the theatre. --- Frank Zappa
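Added example, not part of the original post and not code from sudo: a small checker that reports the two things a bare "syntax error" hides in a file like the one above, namely an alias that is used but never defined, and a NOPASSWD rule that applies to every user. The `lint` and `logical_lines` helpers are hypothetical, the sample input is constructed from the posted file with one alias name misspelled on purpose, and the parser is a simplification (it treats every `#` as a comment and every stand-alone upper-case word in a rule as an alias or keyword).

```python
import re

# Constructed input: the sudoers file from the post, with the alias name in the
# last rule misspelled on purpose (UNRESTRICTEDCOMAND).
SAMPLE = r"""Runas_Alias AS_ROOT=root
Cmnd_Alias UNRESTRICTEDCOMMAND=\
/usr/local/sbin/networklog,\
/usr/bin/apm --suspend,\
/usr/bin/updatedb
Defaults !lecture,tty_tickets,!fqdn
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
ALL ALL=(AS_ROOT) NOPASSWD: UNRESTRICTEDCOMAND
"""

ALIAS_DEF = re.compile(r"(?:User|Runas|Host|Cmnd)_Alias\s+([A-Z][A-Z0-9_]*)\s*=")
# An upper-case word that is not part of a path or file name.
UPPER_WORD = re.compile(r"(?<![\w/.-])[A-Z][A-Z0-9_]*(?![\w/.-])")
RESERVED = {"ALL", "NOPASSWD", "PASSWD", "NOEXEC", "EXEC", "SETENV", "NOSETENV"}

def logical_lines(text):
    """Yield (starting line number, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' only starts comments
        start = n if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def lint(text):
    """Return (line, message) findings; hypothetical helper, not part of sudo."""
    defined, rules, findings = set(), [], []
    for n, line in logical_lines(text):
        m = ALIAS_DEF.match(line)
        if m:
            defined.add(m.group(1))
        elif line and not line.startswith("Defaults"):
            rules.append((n, line))
    for n, line in rules:
        for word in UPPER_WORD.findall(line):
            if word not in RESERVED and word not in defined:
                findings.append((n, f"undefined alias {word}"))
        if line.split()[0] == "ALL" and "NOPASSWD" in line:
            findings.append((n, "NOPASSWD rule applies to every user"))
    return findings

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```

The authoritative syntax check remains `visudo -c -f <file>`, and running `sudo -k` before each test discards the cached timestamp so a rule is exercised without the passwordless grace period.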