sudo and Debian (was ssh and Debian)

[Brian Schramm]

I get the same thing.  I also run Sun's and other unix systems that do not 
have this problem.  I figure it is a problem with Debian but I am not sure.  
Anyone got any ideas at all?

Brian

Date: Tue, 2 Oct 2001 16:26:33 -0400
From: dman [EMAIL PROTECTED]
To: debian-user@lists.debian.org
Subject: Re: ssh and debian
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Oct 02, 2001 at 01:21:19PM -0400, Brian Schramm wrote:
| Sorry for teh confusion.  I use ssh to log in and sudo to change to the
| superuser account.  I ment sudo and debian in my letter.  Now here is my

Ah, ok.

| problem.  I log into my remote machine by ssh and then change to the sudo
| system from there.  No matter what I have tried it never askes me for a
| password.  I have had this happen ever since I have used debian and I have
| never had it do that for me on any other system.  It does not matter if I
| am loged into the local console or a remote console.  Here is my sudoers
| file:
| 
| # sudoers file.
| #
| # This file MUST be edited with the 'visudo' command as root.
| #
| # See the man page for details on how to write a sudoers file.
| #
| 
| # Host alias specification
| 
| # User alias specification
| 
| # Cmnd alias specification
| 
| # User privilege specification
| rootALL=(ALL) ALL
| bschrammALL=(ALL) ALL
| 
| This file works in other systems so I am not quite sure why it does not
| work as expected here.

It looks to me like that would require your password ... however a
quick test on my debian box shows that it doesn't.

Some snippets from 'man sudoers' that seem relevant :

   The reserved word ALL is a built in alias that always
   causes a match to succeed.  It can be used wherever one
   might otherwise use a Cmnd_Alias, User_Alias, Runas_Alias,
   or Host_Alias.  You should not try to define your own
   alias called ALL as the built in alias will be used in
   preference to your own.  Please note that using ALL can be
   dangerous since in a command context, it allows the user
   to run any command on the system.
-
   The User specification is the part that actually
   determines who may run what.

root   ALL = (ALL) ALL
%wheel ALL = (ALL) ALL

   We let root and any user in group wheel run any command on
   any host as any user.

FULLTIMERS ALL = NOPASSWD: ALL

   Full time sysadmins (millert, mikef, and dowdy) may run
   any command on any host without authenticating themselves.

PARTTIMERS ALL = ALL

   Part time sysadmins (bostley, jwfox, and crawl) may run
   any command on any host but they must authenticate
   themselves first (since the entry lacks the NOPASSWD tag).


Hmm, even using the PASSWD: option I still don't have to enter my
password.  I don't know why.


-D

-- 
Brian Schramm

919-871-6466
[EMAIL PROTECTED]

Re: sudo and Debian (was ssh and Debian)

[Vineet Kumar]

* Brian Schramm ([EMAIL PROTECTED]) [011003 06:29]:
 Hmm, even using the PASSWD: option I still don't have to enter my
 password.  I don't know why.

debian's sudo package has the password timeout set to 15 minutes. This
means that once you enter your password once, as long as you don't wait
more than 15 minutes between sudo commands, you won't have to enter it
again. The password timeout can be immediately expired with 'sudo -k'.
Was this the problem? Or did you never have to enter your password at
all? Maybe you did enter it once and then kept testing to see that it
wasn't asking for you password, but each of your tests was within 15
minutes of the last.

good times,

-- 
Vineet   http://www.anti-dmca.org
Unauthorized use of this .sig may constitute violation of US law.
echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M'


pgpApmo5k7Z4X.pgp
Description: PGP signature