Re: [gentoo-user] Change in sudoers format?
Thanks for the comments everybody. I'll let etc-update do its thing. -- Walter Dnes I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] Change in sudoers format?
On 5/29/22 9:48 AM, w...@op.pl wrote: User xyz can exacute command D on host A as user B in group C ... is just a matter of consistency ;) The group that a command is run as starts to become much more germane when you are using sudo to run commands as a different non-root user. E.g. if you want to run commands as the Oracle user to manage things about a database. In some ways this is somewhat akin to setting the GID bit on a directory so that newly created files inherit the group of the directory. At least insofar as the type of situation that would necessitate the use of this feature. -- Grant. . . . unix || die
Re: [gentoo-user] Change in sudoers format?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dnia 2022-05-29, o godz. 14:47:12 Peter Humphrey napisaĆ(a): > On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote: > > I just ran an update and noticed that etc-update wants to change > > the layout of /etc/sudoers, specifically... > > > > > ## > > > > ## > > ## User privilege specification > > ## > > -root ALL=(ALL) ALL > > +root ALL=(ALL:ALL) ALL > > > > ## Uncomment to allow members of group wheel to execute any command > > -# %wheel ALL=(ALL) ALL > > +# %wheel ALL=(ALL:ALL) ALL > > > > ## Same thing without a password > > -# %wheel ALL=(ALL) NOPASSWD: ALL > > +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL > > > > ## Uncomment to allow members of group sudo to execute any command > > -# %sudoALL=(ALL) ALL > > +# %sudoALL=(ALL:ALL) ALL > > > > ## Uncomment to allow any user to run sudo if they know the > > password ## of the user they are running the command as (root by > > default). # Defaults targetpw # Ask for the password of the target > > user -# ALL ALL=(ALL) ALL # WARNING: only use this together with > > 'Defaults targetpw' +# ALL ALL=(ALL:ALL) ALL # WARNING: only use > > this together with 'Defaults targetpw' > > > > > ## > > > > ...and similar changes for /etc/sudoers.dist. What is this about, > > and should I go ahead? > > I did it without thinking about it, and nothing untoward has > befallen. Yet. > After reading 'man sudoers' (especially the 'examples' part) I see there's a slight difference between (although in case of gaining root privileges it is only a matter of aesthetics): Line: xyz A=(B:C) D means: User xyz can exacute command D on host A as user B in group C Therefore changing: rootALL=(ALL) ALL to rootALL=(ALL:ALL) ALL is just a matter of consistency ;) - xWK -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTD0rOlRXTVQVPxHd4dqSXVhOqGqwUCYpOVxQAKCRAdqSXVhOqG q9EsAP9qXwy8RqzEqsLU8AhGjS7Ab5ehN/2IFRrXWZHnmSIwxgD/WyL/k9RgzkB+ fn8y3fOQzgd8jyJkBoSA3rTAqv4+GtE= =G2UQ -END PGP SIGNATURE-
Re: [gentoo-user] Change in sudoers format?
On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote: > I just ran an update and noticed that etc-update wants to change the > layout of /etc/sudoers, specifically... > > ## > > ## > ## User privilege specification > ## > -root ALL=(ALL) ALL > +root ALL=(ALL:ALL) ALL > > ## Uncomment to allow members of group wheel to execute any command > -# %wheel ALL=(ALL) ALL > +# %wheel ALL=(ALL:ALL) ALL > > ## Same thing without a password > -# %wheel ALL=(ALL) NOPASSWD: ALL > +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL > > ## Uncomment to allow members of group sudo to execute any command > -# %sudoALL=(ALL) ALL > +# %sudoALL=(ALL:ALL) ALL > > ## Uncomment to allow any user to run sudo if they know the password > ## of the user they are running the command as (root by default). > # Defaults targetpw # Ask for the password of the target user > -# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults > targetpw' +# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with > 'Defaults targetpw' > > ## > > ...and similar changes for /etc/sudoers.dist. What is this about, and > should I go ahead? I did it without thinking about it, and nothing untoward has befallen. Yet. -- Regards, Peter.
Re: [gentoo-user] Change in sudoers format?
On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote: > I just ran an update and noticed that etc-update wants to change the > layout of /etc/sudoers, specifically... > > ## > > ## > ## User privilege specification > ## > -root ALL=(ALL) ALL > +root ALL=(ALL:ALL) ALL [snip ...] > ...and similar changes for /etc/sudoers.dist. What is this about, and > should I go ahead? I can't recall how long ago the syntax changed to this format. I'm currently running 'app-admin/sudo1.9.10-r1' and it works as it should using the new syntax. Therefore I would think you can go ahead with accepting this change. signature.asc Description: This is a digitally signed message part.
[gentoo-user] Change in sudoers format?
I just ran an update and noticed that etc-update wants to change the layout of /etc/sudoers, specifically... ## ## ## User privilege specification ## -root ALL=(ALL) ALL +root ALL=(ALL:ALL) ALL ## Uncomment to allow members of group wheel to execute any command -# %wheel ALL=(ALL) ALL +# %wheel ALL=(ALL:ALL) ALL ## Same thing without a password -# %wheel ALL=(ALL) NOPASSWD: ALL +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL ## Uncomment to allow members of group sudo to execute any command -# %sudoALL=(ALL) ALL +# %sudoALL=(ALL:ALL) ALL ## Uncomment to allow any user to run sudo if they know the password ## of the user they are running the command as (root by default). # Defaults targetpw # Ask for the password of the target user -# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' +# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw' ## ...and similar changes for /etc/sudoers.dist. What is this about, and should I go ahead? -- Walter Dnes I don't run "desktop environments"; I run useful applications