-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dnia 2022-05-29, o godz. 14:47:12
Peter Humphrey <[email protected]> napisaƂ(a):

> On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote:
> >   I just ran an update and noticed that etc-update wants to change
> > the layout of /etc/sudoers, specifically...
> > 
> >   
> ######################################################################
> > 
> >  ##
> >  ## User privilege specification
> >  ##
> > -root ALL=(ALL) ALL
> > +root ALL=(ALL:ALL) ALL
> > 
> >  ## Uncomment to allow members of group wheel to execute any command
> > -# %wheel ALL=(ALL) ALL
> > +# %wheel ALL=(ALL:ALL) ALL
> > 
> >  ## Same thing without a password
> > -# %wheel ALL=(ALL) NOPASSWD: ALL
> > +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
> > 
> >  ## Uncomment to allow members of group sudo to execute any command
> > -# %sudo        ALL=(ALL) ALL
> > +# %sudo        ALL=(ALL:ALL) ALL
> > 
> >  ## Uncomment to allow any user to run sudo if they know the
> > password ## of the user they are running the command as (root by
> > default). # Defaults targetpw  # Ask for the password of the target
> > user -# ALL ALL=(ALL) ALL  # WARNING: only use this together with
> > 'Defaults targetpw' +# ALL ALL=(ALL:ALL) ALL  # WARNING: only use
> > this together with 'Defaults targetpw'
> > 
> >   
> ######################################################################
> > 
> > ...and similar changes for /etc/sudoers.dist.  What is this about,
> > and should I go ahead?  
> 
> I did it without thinking about it, and nothing untoward has
> befallen. Yet.
> 

After reading 'man sudoers' (especially the 'examples' part) I see
there's a slight difference between (although in case of gaining root
privileges it is only a matter of aesthetics):
Line:
xyz     A=(B:C) D
means:
User xyz can exacute command D on host A as user B in group C
Therefore changing:
root    ALL=(ALL) ALL
to
root    ALL=(ALL:ALL) ALL
is just a matter of consistency ;)

- ----
xWK 
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQTD0rOlRXTVQVPxHd4dqSXVhOqGqwUCYpOVxQAKCRAdqSXVhOqG
q9EsAP9qXwy8RqzEqsLU8AhGjS7Ab5ehN/2IFRrXWZHnmSIwxgD/WyL/k9RgzkB+
fn8y3fOQzgd8jyJkBoSA3rTAqv4+GtE=
=G2UQ
-----END PGP SIGNATURE-----

Reply via email to