Le 21/11/2013 19:45, Dan McGhee a écrit : > This is the first time I have setup and configured 'sudo' in an LFS > build. I'm trying to learn this so that if I add an account for someone > besides me I can set it up. > > I want to be able to run halt, shutdown and reboot without invoking sudo > or su and without using a password. I know I can do this by adding > /sbin to my LFS path, but that would forestall any learning I'm trying > to do. > > I think that the first thing I must do is add aliases to either .bashrc > or .bash_profile for 'sudo reboot' et al. Once I figure out which file > to put that in I think it's just a matter of > > alias=<something> <comand> > > Then I need to edit the line "dan ALL=(ALL) ALL" in /etc/sudoers to read: > > dan ALL=(ALL) ALL:NOPASSWD /sbin/halt,/sbin/shutdown,/sbin/reboot > > Am I on the right track? > Hi Dan,
I think you want: dan ALL=(ALL) NOPASSWD: /sbin/halt,/sbin/shutdown,/sbin/reboot allows user dan to run only those three commands, without a password or maybe: dan ALL=(ALL) ALL, NOPASSWD: /sbin/halt,/sbin/shutdown,/sbin/reboot allows user Dan to run any command with a password, and the 3 commands without a password. But beware: the first ALL (the one after dan) means that user dan can run the commands when connected from anywhere. Since those commands are for machine maintenance, I would restrict the user to run from the machine. So the beginning before the '=' sign might be: dan dan_machine = Then the (ALL) in parenthesis means that the command can be run as any user. since the default is root, I would suppress that part (I guess you want the commands to be run as root). So the line could eventually be: dan dan_machine = NOPASSWD: /sbin/halt,/sbin/shutdown,/sbin/reboot I suggest you add a file (say 10-dan) in /etc/sudoers.d containing only that line. (If /etc/sudoers.d does not exist, create it as root with mode 550). The file 10-dan should have mode 440, and should belong to root too. Once you have created /etc/sudoers.d, then it is advised to use: su -c 'sudoedit /etc/sudoers.d/10-dan' (if that does not open the editor you like, add EDITOR=/usr/bin/youreditor before sudoedit). Now, if you want user dan to be able to run any command as any user from any host (giving his own password), the file may read: dan dan_machine = NOPASSWD: /sbin/halt,/sbin/shutdown,/sbin/reboot dan ALL=(ALL) ALL Hope it helps Regards Pierre -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
