thanks.... I think I am grasping it! :-)~MIKE~(-:
On Mon, Jul 14, 2014 at 9:48 PM, James Dugger <[email protected]> wrote: > Michael, > > The following line: > > %sudo ALL=(ALL) NOPASSWD: ALL > > literally means: > > ALL users in the sudo group can execute ALL commands as ALL users > from ALL places without a password. > > Without any lines after this. The only thing that you would need to do is > add users to the sudo group (/etc/group). Thus the line: > > $ sudo useradd -G sudo <user> > > The %sudo portion of the stanza tells Linux to look in the /etc/group file > for a line starting with "sudo" and include any users listed on that line > in the sudo group. This way you don't have to add them individually as > separate lines in the sudoers file. For example lets say you have 3 users > (john, jane, sam) that you want to have sudo rights w/o a password. It > could be done in one of two ways: > > 1st- in sudoers > > jane ALL=(ALL) NOPASSWD: ALL > john ALL=(ALL) NOPASSWD: ALL > sam ALL=(ALL) NOPASSWD: ALL > > or > > 2nd - in sudoers and /etc/group > > %sudo ALL=(ALL) NOPASSWD: ALL > > in /etc/group > > sudo:x:##:john,jane,sam > > Both work but programmatically the 2nd option eliminates redundant code > when writing scripts and allows the use of additional shell commands (and > arguably more simple ones) to be used to maintain file changes (i.e. sudo > useradd -a -G sudo <user>). When scripting it is easier add the use of > usermod and useradd to a script than to use commands like sed -i and then > having to escape special characters like "%, (, and )" when making changes > or updates. > > > > On Mon, Jul 14, 2014 at 7:48 PM, Michael Havens <[email protected]> wrote: > >> I was wondering: these are the instructions I was given to make it so I >> don't need to input my password after I sudo. >> --- >> sudo visudo >> <password> >> >> comment out the line: >> >> %sudo ALL=(ALL:ALL) ALL >> >> and add a new line below it like this: >> >> %sudo ALL=(ALL) NOPASSWD: ALL >> >> sudo useradd -G sudo <user> >> --- >> I was thinking that with the script being like that I probably don't need >> the last line because the way it is I am telling it no one needs a password >> with sudo. It would probably be more secure to have: >> >> %sudo ALL=(ALL) NOPASSWD: <desired users> >> >> is that correct? If I had multiple users who I wanted to not use a >> password would I separate the users with a space or comma? If I only wanted >> one user to be able to sudo it would be: >> >> %sudo <user>=(ALL) NOPASSWD: <user> >> >> what is the point of th ALL surrounded by parentheses? >> :-)~MIKE~(-: >> >> --------------------------------------------------- >> PLUG-discuss mailing list - [email protected] >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> > > > > -- > James > > *Linkedin <http://www.linkedin.com/pub/james-h-dugger/15/64b/74a/>* > > --------------------------------------------------- > PLUG-discuss mailing list - [email protected] > To subscribe, unsubscribe, or to change your mail settings: > http://lists.phxlinux.org/mailman/listinfo/plug-discuss >
--------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.phxlinux.org/mailman/listinfo/plug-discuss
