I am running AntiX 13.2 on a desktop PC with little free space on the hard disk. I created two users: (1) tesistas (the main account) and (2) pruebas (used only to test default settings).
The tesistas account is used by several people, and because I want to run some commands such as fdisk, lsblk, lspcmcia, cat /var/log/*, etc. without having to type the password, I created a per-command sudoers file (named antiusers) in the sudoers.d directory:
tesistas@Tesistas:~
$ sudo visudo -f / etc/sudoers.d/antiusers
# sudoers file.
#
# --> This file was modified by the tesistas user on 17/07/2016 at 18:43.
# --> The sudo package version is sudo_1.8.5p2-1+nmu3+deb7u1.
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
# NOTE(review): paths below are shown as "/ etc/..." with a space after the
# slash. That looks like a rendering artifact of this page; in the real file
# they need to read "/etc/..." -- confirm against the file on disk.
# NOTE(review): the directory listing on this page shows this file as mode
# 0644 while the other files in sudoers.d are 0440. 0440 is the documented
# mode for sudoers files; check with `sudo -l` that these rules are loaded.
#
# ***********************
# DEFINED ALIAS
# ***********************
# ### User alias specification ### ##################
#
# No User_Alias has been defined yet.
# ### Runas alias specification ### #################
#
# No Runas_Alias has been defined yet.
# ### Host alias specification ### ###################
#
# No Host_Alias has been defined yet.
# ### Cmnd alias specification ### ###################
#
# sudo matches commands by their fully-qualified path, and when arguments are
# listed the command line has to match them.
Cmnd_Alias SUDO_SET = /usr/sbin/visudo
Cmnd_Alias LOGOUT = /usr/local/bin/restart-X
# NOTE(review): these name shutdown/reboot/halt/poweroff under /usr/local/bin,
# while the antixers file on this page grants /sbin/halt, /sbin/reboot and
# /sbin/poweroff -- confirm the binaries really live under /usr/local/bin.
Cmnd_Alias REBOOT = /usr/local/bin/shutdown -r now, /usr/local/bin/reboot
Cmnd_Alias POWEROFF = /usr/local/bin/shutdown -h now, /usr/local/bin/halt, /usr/local/bin/poweroff
Cmnd_Alias X_DM = /usr/local/bin/slim-login, /usr/local/bin/antixccslim.sh, / etc/init.d/slim *
Cmnd_Alias DESKTOP_CHNG = /usr/local/bin/update-default-desktop
# This alias is granted NOPASSWD below. /usr/bin/rox is a file manager, so it
# gives a root file browser without a password; the mknod entry creates
# world-writable (mode 666) device nodes and its name ends in a wildcard.
Cmnd_Alias DESKTOP_ENV_SET = /usr/bin/rox, /bin/mknod -m 666 /dev/nvidia*, /sbin/modprobe -v nvidia, \
/sbin/modprobe -v nvidia-uvm, /usr/local/bin/nvidia-dev_creator.sh
# Granted NOPASSWD below: includes a root edit of the network configuration.
Cmnd_Alias NET = sudoedit / etc/network/interfaces, /usr/local/bin/connectshares.sh, /usr/local/bin/disconnectshares.sh
# Security: root edit access to sudoers, sudoers.d/*, pam.d/*, crontab and
# /usr/local/bin/* (which holds scripts granted elsewhere in this file) lets
# the holder change what runs as root and who may use sudo. Treat this alias
# as equivalent to full root and grant it only to administrators.
Cmnd_Alias WIDE_SET = sudoedit / etc/profile, sudoedit / etc/X11/*, sudoedit / etc/crontab, sudoedit / etc/fstab, \
sudoedit / etc/inittab, sudoedit / etc/udev/*, sudoedit /lib/udev/rules.d/*, \
sudoedit / etc/default/keyboard, sudoedit / etc/grub.d/*, sudoedit /boot/grub/menu.lst, \
sudoedit / etc/sudoers, sudoedit / etc/sudoers.d/*, sudoedit /usr/local/bin/*, \
sudoedit /usr/local/share/doc/*, sudoedit / etc/apt/sources.list.d/*, \
sudoedit / etc/apt/preferences.d/*, sudoedit / etc/sysctl.conf, sudoedit / etc/sysctl.d/*, \
sudoedit /opt/*, sudoedit / etc/pam.d/*, sudoedit / etc/clamav/freshclam.conf
Cmnd_Alias SEARCH = / etc/cron.daily/mlocate, /usr/bin/mlocate
# "/sbin/fdisk -l" and "/bin/lsblk -flm" list their arguments, so only those
# command lines match. pccardctl and udevadm carry no argument list, so any
# arguments are accepted -- and this alias is granted NOPASSWD below.
Cmnd_Alias DEV_SET = /sbin/fdisk -l, /sbin/fdisk.distrib, /sbin/blkid, /bin/lsblk -flm, /sbin/lspcmcia, \
/sbin/pccardctl, /sbin/udevadm
Cmnd_Alias SYSTEM_CLEAN = /usr/bin/apt-get autoclean, /usr/bin/apt-get clean, /usr/bin/apt-get autoremove, \
/usr/sbin/orphaner, /usr/sbin/editkeep, /usr/bin/freshclam, /usr/bin/dpkg --purge
# Granted NOPASSWD below: a synchronisation tool run as root can read and
# write any path on the system.
Cmnd_Alias DIR_SYNC = /usr/bin/grsync, /usr/bin/grsync-batch
# Backup, imaging and partitioning tools; as root they have raw access to the
# disks. Granted with PASSWD below.
Cmnd_Alias BACKUP = /usr/local/bin/remaster.sh, /usr/local/bin/remastercc.sh, /usr/local/bin/persist-makefs, \
/usr/local/bin/persist-save, /usr/local/bin/persist-config, /usr/local/bin/persist-enabled, \
/usr/local/bin/remaster-live, /usr/local/bin/run-mksquashfs, /usr/local/bin/antix2usb.py, \
/usr/local/bin/antix2usb.sh, /usr/bin/luckybackup, /usr/local/bin/antixsnapshot-gui, \
/usr/local/bin/antixsnapshot, /usr/sbin/partimage, /usr/sbin/gparted, /usr/bin/testdisk, \
/usr/bin/photorec, /usr/bin/extundelete
# NOTE(review): the sudoers manual writes the built-in as plain "sudoedit"
# followed by the files it may edit. Confirm what the bare path
# /usr/bin/sudoedit grants here; this alias is NOPASSWD below.
Cmnd_Alias UTILS = /usr/bin/sudoedit, /usr/bin/apt-get update, /usr/bin/apt-get upgrade, /usr/bin/apt-get -f install, \
/usr/bin/apt-get -s install, /bin/cp -u / etc/default/keyboard / etc/default/keyboard.old
# Security: "/bin/*" matches every program directly in /bin (normally the
# shells are among them), and dpkg, "apt-get install *", "make *" and
# "install *" can run code or write files as root. This alias is therefore
# equivalent to ALL; the password prompt is the only control on it.
Cmnd_Alias APPS_EXE = /bin/*, /usr/bin/gksu, /usr/bin/su-to-root, /usr/bin/ktsuss, /usr/bin/sux, /usr/sbin/synaptic, \
/usr/local/bin/antix-system.sh, /usr/bin/gparted, /usr/local/bin/grub-repair-antix, \
/usr/sbin/update-grub, /usr/sbin/sysv-rc-conf, /usr/local/bin/user-management, \
/usr/sbin/dpkg-reconfigure, /usr/bin/rutilt, /usr/bin/gufw, /usr/bin/ceni, /usr/bin/install-meta, \
/usr/local/bin/group-management, /usr/bin/Xorg, /usr/bin/dpkg, /usr/bin/apt-get remove *, \
/usr/bin/apt-get purge *, /usr/bin/apt-get install *, /usr/bin/apt-get autoremove, \
/usr/bin/apt-get install --reinstall *, /usr/bin/apt-key, /usr/sbin/dmidecode, /usr/sbin/smartctl, \
/usr/bin/gsmartcontrol, /usr/bin/make *, /usr/bin/install *, /sbin/swapoff, /sbin/swapon, \
/sbin/sysctl
# Security: sudoers matches command-line arguments as one concatenated string,
# and "*" there also matches "/" and spaces. This entry is therefore not
# confined to files inside /var/log (see "Wildcards" in the sudoers manual).
# It is NOPASSWD below; prefer listing the specific log files.
Cmnd_Alias LOGS_READ = /bin/cat /var/log/*
#
# ***********************
# DEFINED OPTIONS
# ***********************
Defaults env_reset
Defaults env_keep +="RESTARTED"
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# A successful password entry is cached for 5 minutes. A command run shortly
# after another sudo command is not prompted again, which can make a rule
# look password-free when it is not.
Defaults timestamp_timeout=5
# ***********************
# DEFINED RULES
# ***********************
# ### Root user privilege specification ###
root ALL=(ALL:ALL) ALL
# ### Regular users' privileges specification ###
# %users is every member of group "users", not one person; the post says the
# tesistas account itself is shared by several people.
%users ALL=(root) NOPASSWD: LOGOUT, REBOOT, POWEROFF, DESKTOP_CHNG, DESKTOP_ENV_SET, NET, SEARCH, DEV_SET, \
SYSTEM_CLEAN, DIR_SYNC, UTILS, LOGS_READ
%users ALL=(root) PASSWD: SUDO_SET, X_DM, WIDE_SET, BACKUP, APPS_EXE
# ### Allow members of group sudo to execute any command ###
# NOTE(review): when several entries match, sudo applies the LAST one. The
# `id` output on this page shows tesistas in group sudo, so this line (which
# has no NOPASSWD tag) matches after the %users lines above and a password is
# requested, e.g. for "fdisk -l". For the NOPASSWD grants to take effect for
# such users, they would have to come after this line; if the main sudoers
# file already carries this rule, it may not be needed here -- confirm.
%sudo ALL=(ALL:ALL) ALL
tesistas@Tesistas:~
$ sudo visudo -cf / etc/sudoers.d/antiusers
[sudo] password for tesistas:
/ etc/sudoers.d/antiusers: parsed OK
The other sudoers files are intact; here is the content of the sudoers.d folder:
total 36
-rw-r--r-- 1 root root 21215 Aug 31 21:28 antiusers
-r--r----- 1 root root 921 Aug 30 15:52 antixers
-r--r----- 1 root root 674 May 26 2013 antixers.dpkg-dist
-r--r----- 1 root root 958 Mar 1 2013 README
tesistas@Tesistas:~
$ sudo visudo -f / etc/sudoers.d/antixers
# sudoers file.
# Passwordless (NOPASSWD) root execution of the listed commands for every
# member of group "users".
# Files in sudoers.d are parsed in sorted lexical order, so this file
# (antixers) is read after antiusers. Because sudo applies the last matching
# entry, the commands listed here stay password-free even for users who also
# match a later-less-specific rule in antiusers.
# NOTE(review): /usr/bin/rox is a file manager and /usr/sbin/minstall is
# presumably the system installer; both run as root without a password for
# all of %users -- confirm that is intended on a shared machine.
%users ALL=(root) NOPASSWD: /sbin/halt
%users ALL=(root) NOPASSWD: /sbin/reboot
%users ALL=(root) NOPASSWD: /sbin/poweroff
%users ALL=(root) NOPASSWD: /sbin/blkid
%users ALL=(root) NOPASSWD: /sbin/fdisk.distrib
%users ALL=(root) NOPASSWD: /usr/bin/ceni
%users ALL=(root) NOPASSWD: /usr/bin/rox
%users ALL=(root) NOPASSWD: /usr/local/bin/persist-config
%users ALL=(root) NOPASSWD: /usr/local/bin/persist-save
%users ALL=(root) NOPASSWD: /usr/sbin/minstall
%users ALL=(root) NOPASSWD: /usr/local/bin/connectshares.sh
%users ALL=(root) NOPASSWD: /usr/local/bin/disconnectshares.sh
# Keep the RESTARTED variable in the environment sudo passes to commands.
Defaults env_keep +="RESTARTED"
%users ALL=(root) NOPASSWD: /usr/local/bin/update-default-desktop
Here is the output of the "id" command:
tesistas@Tesistas:~
$ id
uid=1000(tesistas) gid=1000(tesistas) groups=1000(tesistas),7(lp),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),100(users),102(crontab),103(fuse),109(netdev),110(mlocate),1001(storage)
tesistas@Tesistas:~
$ groups
tesistas lp dialout cdrom floppy sudo audio dip video plugdev users crontab fuse netdev mlocate storage
I can read logs (for example), but when I run "sudo fdisk -l", sudo asks for the password. I do not understand why.
I have read the sudoers man page and several sources about sudo/sudoers on the net. I read that the "users" group (%users in sudoers files) is a traditional group on Unix systems, but that Debian prefers to use one group per user. So I think the cause might be that the tesistas user was added to the "users" group and lacks a group of its own.
Could you please guide me?
Sorry for my English... __{{emoticon}}__