sudo

sudo

Patrick Dupre-4
Hello,

I am running user in old fashion

I wanted that a user be able to do:
mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB

With visudo, I did
pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/

(pdupre is also member of pdupre
I tried also
%pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/)


But it does not work
/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
mount: only root can do that

or
sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
[sudo] password for pdupre:
pdupre is not allowed to run sudo on Teucidide.  This incident will be reported.

I also tried to put pdupre as member of wheel, but it does not help.

Where is my mistake?

Thanks


===========================================================================
 Patrick DUPRÉ                                 | | email: [hidden email]
===========================================================================
_______________________________________________
users mailing list -- [hidden email]
To unsubscribe send an email to [hidden email]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@...

Re: sudo

Ulf Volmer
On 08.01.19 10:57, Patrick Dupre wrote:

> With visudo, I did
> pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/

> sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB

When you allow a specific command for sudo, you *must* use *exactly* the
same command. In this case the slash at the end is missing.

'sudo -l' may be helpful.

best regards
Ulf

Re: sudo

Rick Stevens-3
On 1/8/19 8:38 AM, Ulf Volmer wrote:

> On 08.01.19 10:57, Patrick Dupre wrote:
>
>> With visudo, I did
>> pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
>
>> sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
>
> When you allow a specific command for sudo, you *must* use *exactly* the
> same command. In this case the slash at the end is missing.
>
> 'sudo -l' may be helpful.

You could also add an appropriate line to /etc/fstab and make sure the
"user" option is specified. Then any non-root user can mount that
filesystem. A line such as:

        /dev/mapper/VolGrpUsr_DK0-home /mnt/USB ext4 defaults,user 0 0

in /etc/fstab should permit any user to:

        $ mount /mnt/USB

and accomplish what you want (assuming, of course, that /mnt/USB has
appropriate permissions for the user). Not necessarily secure, but...
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-              Never eat anything larger than your head              -
----------------------------------------------------------------------

Re: sudo

Patrick Dupre-4
In reply to this post by Ulf Volmer
Thanks.

Right, but the behavior is exactly the same (with the /)
I need to find the glitch.

And

sudo -l /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
[sudo] password for pdupre:
Sorry, user pdupre may not run sudo on Teucidide.

instead of:

pdupre is not allowed to run sudo on Teucidide.

===========================================================================
 Patrick DUPRÉ                                 | | email: [hidden email]
 Laboratoire de Physico-Chimie de l'Atmosphère | |
 Université du Littoral-Côte d'Opale           | |
===========================================================================


> Sent: Tuesday, January 08, 2019 at 5:38 PM
> From: "Ulf Volmer" <[hidden email]>
> To: [hidden email]
> Subject: Re: sudo
>
> On 08.01.19 10:57, Patrick Dupre wrote:
>
> > With visudo, I did
> > pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
>
> > sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
>
> When you allow a specific command for sudo, you *must* use *exactly* the
> same command. In this case the slash at the end is missing.
>
> 'sudo -l' may be helpful.
>
> best regards
> Ulf

Re: sudo

Ulf Volmer
On 08.01.19 19:24, Patrick Dupre wrote:

> sudo -l /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/

I guess there was a misunderstanding. 'sudo -l' is a single command to
display the currently allowed rules. So you should try the commands:

sudo -l
sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/

best regards
Ulf

Re: sudo

Patrick Dupre-4
OK,

Sorry,

But again:

 sudo -l
[sudo] password for pdupre:
Sorry, user pdupre may not run sudo on Teucidide.


Same for sudo -i

===========================================================================
 Patrick DUPRÉ                                 | | email: [hidden email]
 Laboratoire de Physico-Chimie de l'Atmosphère | |
 Université du Littoral-Côte d'Opale           | |
===========================================================================


> Sent: Tuesday, January 08, 2019 at 7:30 PM
> From: "Ulf Volmer" <[hidden email]>
> To: [hidden email]
> Subject: Re: sudo
>
> On 08.01.19 19:24, Patrick Dupre wrote:
>
> > sudo -l /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
>
> I guess there was a misunderstanding. 'sudo -l' is a single command to
> display the currently allowed rules. So you should try the commands:
>
> sudo -l
> sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
>
> best regards
> Ulf

Re: sudo

Ulf Volmer
On 08.01.19 19:58, Patrick Dupre wrote:

(Please do not top post)

>  sudo -l
> [sudo] password for pdupre:
> Sorry, user pdupre may not run sudo on Teucidide.

I think you have to replace localhost in your sudoers either with your
real hostname or with ALL.

best regards
Ulf

Re: sudo

Rick Stevens-3
In reply to this post by Patrick Dupre-4
On 1/8/19 10:58 AM, Patrick Dupre wrote:

> OK,
>
> Sorry,
>
> But again:
>
>  sudo -l
> [sudo] password for pdupre:
> Sorry, user pdupre may not run sudo on Teucidide.
>
>
> Same for sudo -i

Uhm you ARE entering the password for user pdupre, right? Do NOT use
root's password, use your own.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-        Brain:  The organ with which we think that we think.        -
----------------------------------------------------------------------

Re: sudo

Samuel Sieb
In reply to this post by Patrick Dupre-4
On 1/8/19 1:57 AM, Patrick Dupre wrote:
> I wanted that a user be able to do:
> mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
>
> With visudo, I did
> pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
>
> (pdupre is also member of pdupre
> I tried also
> %pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/)

What does the "hostname" command give you?  I would suggest using "ALL"
instead.

> But it does not work
> /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
> mount: only root can do that

The sudoers file doesn't affect trying to run commands directly.

> sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
> [sudo] password for pdupre:
> pdupre is not allowed to run sudo on Teucidide.  This incident will be reported.
>
> I also tried to put pdupre as member of wheel, but it does not help.

You need to start a new shell after doing that.  Use the "id" command to
verify the group is set correctly.

I would also suggest adding a file to /etc/sudoers.d instead of
modifying the default /etc/sudoers file.

Re: sudo

Samuel Sieb
In reply to this post by Rick Stevens-3
On 1/8/19 11:21 AM, Rick Stevens wrote:

> On 1/8/19 10:58 AM, Patrick Dupre wrote:
>>   sudo -l
>> [sudo] password for pdupre:
>> Sorry, user pdupre may not run sudo on Teucidide.
>>
>>
>> Same for sudo -i
>
> Uhm you ARE entering the password for user pdupre, right? Do NOT use
> root's password, use your own.

That would give different messages:
"Sorry, try again."
and
"sudo: 1 incorrect password attempt"

Re: sudo

Joe Zeff
In reply to this post by Samuel Sieb
On 01/08/2019 12:23 PM, Samuel Sieb wrote:
>
> What does the "hostname" command give you?  I would suggest using "ALL"
> instead.

Not a good idea unless you really trust that user.  This lets that
person mount this partition when needed and nothing else.  (It might be
a good idea to allow umount for that partition as well, once mount works.)

Re: sudo

Samuel Sieb
On 1/8/19 12:14 PM, Joe Zeff wrote:
> On 01/08/2019 12:23 PM, Samuel Sieb wrote:
>>
>> What does the "hostname" command give you?  I would suggest using
>> "ALL" instead.
>
> Not a good idea unless you really trust that user.  This lets that
> person mount this partition when needed and nothing else.  (It might be
> a good idea to allow umount for that partition as well, once mount works.)

You misunderstood.  I meant to use ALL instead of "localhost" for the
hostname field.  I should have added "instead of localhost" to that line.
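
The host-field fix suggested in the replies above, written out as a sudoers drop-in. This is an added example, not part of any poster's message: the file name /etc/sudoers.d/mount-usb and the umount entry are assumptions, and the hostname is the one sudo printed in the error messages quoted in the thread.

```sudoers
# /etc/sudoers.d/mount-usb   (hypothetical file name)
# Create and edit it as root with:  visudo -f /etc/sudoers.d/mount-usb
# sudo skips files in /etc/sudoers.d whose names contain a "." or end in "~".

# Rule as posted in the thread. The second field is the HOST the rule applies
# on. sudo's messages name this machine "Teucidide", so a rule scoped to
# "localhost" does not match here and the user is refused before any command
# or argument is compared.
# pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/

# Same user and command, host field set to the real hostname.
# Arguments listed in a rule must be typed exactly as written, so this entry
# is matched by:
#   sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
# and not by the same command with a trailing slash on /mnt/USB.
# The umount entry follows the suggestion made in the thread; its path is an
# assumption.
pdupre  Teucidide = /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB, \
                    /usr/bin/umount /mnt/USB

# Alternative host field: ALL. This widens only WHERE the rule applies (any
# machine that reads this file); the command list stays limited to the two
# commands above.
# pdupre  ALL = /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB, \
#               /usr/bin/umount /mnt/USB
```

After saving, "visudo -c" checks the syntax of all sudoers files, and "sudo -l -U pdupre" run as root lists the rules that apply to pdupre on this host.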

Re: sudo

Patrick Dupre-4
In reply to this post by Rick Stevens-3

> On 1/8/19 8:38 AM, Ulf Volmer wrote:
> > On 08.01.19 10:57, Patrick Dupre wrote:
> >
> >> With visudo, I did
> >> pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
> >
> >> sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
> >
> > When you allow a specific command for sudo, you *must* use *exactly* the
> > same command. In this case the slash at the end is missing.
> >
> > 'sudo -l' may be helpful.
>
> You could also add an appropriate line to /etc/fstab and make sure the
> "user" option is specified. Then any non-root user can mount that
> filesystem. A line such as:
>
> /dev/mapper/VolGrpUsr_DK0-home /mnt/USB ext4 defaults,user 0 0
>
> in /etc/fstab should permit any user to:
>
> $ mount /mnt/USB

The problem is that it tries to mount at boot even if the drive is off



> and accomplish what you want (assuming, of course, that /mnt/USB has
> appropriate permissions for the user). Not necessarily secure, but...

Re: sudo

Ulf Volmer
On 09.01.19 10:13, Patrick Dupre wrote:
>> $ mount /mnt/USB
>
> The problem is that it tries to mount at boot even if the drive is off

Add noauto as option to your fstab line.
This and other options are documented in 'man fstab'.

best regards
Ulf

Re: sudo

Rick Stevens-3
In reply to this post by Patrick Dupre-4
On 1/9/19 1:13 AM, Patrick Dupre wrote:

>
>> On 1/8/19 8:38 AM, Ulf Volmer wrote:
>>> On 08.01.19 10:57, Patrick Dupre wrote:
>>>
>>>> With visudo, I did
>>>> pdupre  localhost=/usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB/
>>>
>>>> sudo /usr/bin/mount /dev/mapper/VolGrpUsr_DK0-home /mnt/USB
>>>
>>> When you allow a specific command for sudo, you *must* use *exactly* the
>>> same command. In this case the slash at the end is missing.
>>>
>>> 'sudo -l' may be helpful.
>>
>> You could also add an appropriate line to /etc/fstab and make sure the
>> "user" option is specified. Then any non-root user can mount that
>> filesystem. A line such as:
>>
>> /dev/mapper/VolGrpUsr_DK0-home /mnt/USB ext4 defaults,user 0 0
>>
>> in /etc/fstab should permit any user to:
>>
>> $ mount /mnt/USB
>
> The problem is that it tries to mount at boot even if the drive is off

Then also set the "noauto" option:

        defaults,user,noauto

That requires a manual mount.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    [hidden email] -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-                 All generalizations are false.                     -
----------------------------------------------------------------------