Everyone can type 'sudo reboot' AND without having to enter the password for sudo the system simply reboots.
This should not be the case ...
<SOLVED> a little 'minor' but annoying bug
- jeanpaulberes
- Posts: 36
- Joined: Wed Dec 19, 2018 11:56 am
Last edited by jeanpaulberes on Sun Jan 06, 2019 1:25 pm, edited 1 time in total.
- anticapitalista
- Developer
- Posts: 4167
- Joined: Sat Jul 15, 2006 10:40 am
Re: a little 'minor' but annoying bug
You can change this behaviour by editing the /etc/sudoers.d/mxers file
anticapitalista
Reg. linux user #395339.
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - lean and mean.
https://antixlinux.com
Re: a little 'minor' but annoying bug
anticapitalista wrote: ↑Tue Jan 01, 2019 9:23 am You can change this behaviour by editing the /etc/sudoers.d/mxers file
Or perhaps edit a new extra sudoers-file, to avoid changing system provided files,
which might get overwritten by system updates.
e.g. by creating a new sudoers-file /etc/sudoers.d/timeout and editing this way:
Code:
sudo visudo -f /etc/sudoers.d/timeout
Code:
Defaults timestamp_timeout=0
hnyman sudoers wrote: timestamp_timeout
Number of minutes that can elapse before sudo will ask for a
passwd again. The timeout may include a fractional component
if minute granularity is insufficient, for example 2.5. The
default is 15. Set this to 0 to always prompt for a password.
If set to a value less than 0 the user's time stamp will not
expire until the system is rebooted. This can be used to allow
users to create or delete their own time stamps via “sudo -v”
and “sudo -k” respectively.
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB
- jeanpaulberes
- Posts: 36
- Joined: Wed Dec 19, 2018 11:56 am
Re: a little 'minor' but annoying bug
Even with the timeout set to zero, the way mentioned here above, it still works without entering a password :(
Re: a little 'minor' but annoying bug
jeanpaulberes wrote: ↑Sun Jan 06, 2019 4:38 am Even with the timeout set to zero ... it still works without entering a password
Some commands are intentionally set up for all "sudoers" to run without entering a password.
So in this case if you want to always enter a password for the reboot-command, you can either delete or comment out change this line:
Code:
%users ALL=(root) NOPASSWD: /sbin/reboot
to
Code:
%users ALL=(root) /sbin/reboot
within these sudoers-files:
Code:
/etc/sudoers.d/antixers
/etc/sudoers.d/mxers
by editing these sudoers-files with the sudo-file editor visudo:
Code:
sudo visudo -f /etc/sudoers.d/antixers
and
Code:
sudo visudo -f /etc/sudoers.d/mxers
EDIT: Ooops: not delete but change the lines!
Gigabyte Z77M-D3H, Intel Xeon E3-1240 V2 (Quad core), 32GB RAM,
GeForce GTX 770, Samsung SSD 850 EVO 500GB, Seagate Barracuda 4TB
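Why timestamp_timeout=0 made no difference in this thread: a rule tagged NOPASSWD skips authentication altogether, so the timeout is never consulted. The script below is an added example, not part of any post here; it lists such rules in a sudoers drop-in directory, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sudoers rules tagged NOPASSWD in a drop-in directory.
# These rules never prompt, whatever timestamp_timeout is set to.

# list_nopasswd DIR -> one "file<TAB>who<TAB>commands" line per NOPASSWD rule
list_nopasswd() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # sudo skips drop-in files whose name ends in '~' or contains '.'
        case $name in *~|*.*) continue ;; esac
        awk -v file="$name" '
            # join lines continued with a trailing backslash
            { line = pending $0; pending = "" }
            line ~ /\\$/ { sub(/\\$/, "", line); pending = line; next }
            # skip blank lines and comments (simplification: "#uid" users
            # are treated as comments too), and Defaults settings
            line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next }
            line ~ /^[ \t]*Defaults/ { next }
            line ~ /NOPASSWD[ \t]*:/ {
                who = line; sub(/^[ \t]+/, "", who); sub(/[ \t].*$/, "", who)
                cmds = line; sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
                printf "%s\t%s\t%s\n", file, who, cmds
            }
        ' "$f"
    done
}

# make_sample -> path of a temp dir holding constructed drop-in files
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'Defaults timestamp_timeout=0' > "$d/timeout"
    printf '%s\n' '# constructed' '%users ALL=(root) NOPASSWD: /sbin/reboot' > "$d/mxers"
    printf '%s\n' '%users ALL=(root) /sbin/reboot' > "$d/fixed"
    printf '%s\n' '%users ALL=(root) NOPASSWD: /sbin/halt' > "$d/mxers.bak"
    echo "$d"
}

sample=$(make_sample)
list_nopasswd "$sample"    # only the rule in "mxers" is reported
rm -rf "$sample"
```

On a real system, call list_nopasswd /etc/sudoers.d as root, since the drop-in files are not world-readable; sudo -l shows the rules that apply to the current user.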
- jeanpaulberes
- Posts: 36
- Joined: Wed Dec 19, 2018 11:56 am
Re: a little 'minor' but annoying bug
fehlix wrote: ↑Sun Jan 06, 2019 7:44 am
jeanpaulberes wrote: ↑Sun Jan 06, 2019 4:38 am Even with the timeout set to zero ... it still works without entering a password
Some commands are intentionally set up for all "sudoers" to run without entering a password.
So in this case if you want to always enter a password for the reboot-command, you can either delete or comment out change this line:
Code:
%users ALL=(root) NOPASSWD: /sbin/reboot
to
Code:
%users ALL=(root) /sbin/reboot
within these sudoers-files:
Code:
/etc/sudoers.d/antixers
/etc/sudoers.d/mxers
by editing these sudoers-files with the sudo-file editor visudo:
Code:
sudo visudo -f /etc/sudoers.d/antixers
and
Code:
sudo visudo -f /etc/sudoers.d/mxers
EDIT: Ooops: not delete but change the lines!
Thanks a lot !!!