You can run sudo -l to see the permissions that your user has been granted, if any of the user specific NOPASSWD commands appear BEFORE any %groupyouarein ALL=(ALL) ALL command in the output you will be prompted for your password. Then save and exit and visudo will warn you if you have any syntax errors. Gatoatigrado ALL=NOPASSWD: /bin/set-slow-cpufreq You should also always use visudo to edit the file(s). Ideally if you are customizing what commands can be run via sudo you should be making these changes in a separate file under /etc/sudoers.d/ instead of editing the sudoers file directly. (sudo visudo)Īlso, having another window open switched to the root user allows you to recover any mistakes you might make while changing the sudoers file. Rather than moving my entry below the sudo line I simply removed the line I had previously added and then added NOPASSWD to the entry for %sudoĪgain only use nopasswd if you really need it (In my case it was precisely what I needed, for most users requiring a password for sudo activity is best)Īlways edit sudoers with visudo. The group sudo shows up in sudoers after the entry for my username. I was still having to password authenticate.Įnzotib's answer is the key to what's going on. ![]() NOTE if you use nopasswd on your laptop you must always lock your computer as you walk away or else a casual attacker can compromise a lot while you're getting up to put cream in your coffee ![]() I had then manually added myself to the sudoers file using sudo visudo: my_username ALL=(ALL:ALL) NOPASSWD:ALL The Ubuntu installer prompts for a non-root admin user which gets added to the group sudo. I have enabled full disk encryption (otherwise an attacker with physicall access can do anything he or she wants) I want to auth with pub key only (I will unset the password so that the "have something, know something" scheme will be a password protected keypair -root login is of course disabled entirely) The advantage of this method is that it doesn't require nested quoting you can run a multi-word command without having troubles with whitespace or special characters.My situation is I'm setting up a remote system that will run headless. Sudo env -chdir="/root/secret" bash # coreutils v8.28 (debian buster) Recent Linux systems have one or two helpers which could be used: sudo nsenter -wd="/root/secret" bash # util-linux v2.23 (debian jessie) Note: The outer command doesn't have to be a shell, it just needs to be something that changes its working directory and executes a new command. If you want to do it all in one command, it would have to look like this – first change the working directory, then start an interactive shell: sudo bash -c "cd /root/secret & bash" One way to achieve what you want is to run an interactive shell with root privileges (any method works), and just use the regular cd in it: /]$ sudo /]# cd /root/secret Currently no such mechanism exists on Linux (nor most other operating systems). So for sudo cd to work, sudo itself would have to be a shell built-in, and it would need some way to raise privileges of an already-running process. ![]() Your shell's working directory cannot be changed by any child process – so even if you manage to run cd in a privileged subshell, it'll only change the working directory of that temporary subshell, and it does not matter what method of raising privileges you use. If you were looking for easier, why are you using 'sudo' in the first place instead of just logging in as root?Īs you noted, cd is a shell built-in command, and there's a reason for that: the "current directory" is a per-process parameter which can be only changed by the process itself. If you find yourself wondering: "What change did I make the other day?," then you will thank you, because you won't have to wonder what file or files you edited.Īll of this said, enabling and executing some form of 'sudo bash' is definitely easier. If you are working in a secure environment, your IA team will thank you. However, it is far more audit-able, and much more in-line with the principles behind sudo than running some variant of 'sudo bash.' This is definitely more typing, and a little harder than just changing directories. if you wanted to edit a file in /root/private/: sudo ls /root The sudo tool is intended to take actions as a superuser, and you're describing something that is more of a state change that would precede actions such as 'ls' or 'vi' or others to make them simpler.
0 Comments
Leave a Reply. |