WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: [SOLVED] Require password for sudo command ?  (Read 11582 times)

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
[SOLVED] Require password for sudo command ?
« on: May 20, 2013, 09:04:01 PM »
Hi all,

I'm looking into making my mc server a bit more secure, am and wondering if I can make the sudo command trigger a root password request ?

Thanks.
« Last Edit: May 20, 2013, 10:30:13 PM by remus »
Live long and prosper.

Offline althalus

  • Sr. Member
  • ****
  • Posts: 351
Re: Require password for sudo command ?
« Reply #1 on: May 20, 2013, 09:19:08 PM »
Set up a password for the tc user (type passwd)

type
Code: [Select]
sudo visudoLook for the following line:
Code: [Select]
tc     ALL=NOPASSWD: ALLChange it to:
Code: [Select]
tc     ALL=(ALL) ALL
Make sure you add /etc/shadow and /etc/sudoers to your backup. /etc/group might be needed in your backup too, but I don't think it's necessary.

Whatever you do, don't manually edit /etc/sudoers. Visudo protects you somewhat against typos and errors in your sudoers file.

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: Require password for sudo command ?
« Reply #2 on: May 20, 2013, 10:29:56 PM »
Thanks althalus

Your instructions are spot on :)
Live long and prosper.

Offline Lee

  • Hero Member
  • *****
  • Posts: 645
    • My Core wiki user page
Re: [SOLVED] Require password for sudo command ?
« Reply #3 on: May 21, 2013, 08:39:52 AM »
Not withstanding any syntax checks that it performs, does visudo actually -do- anything other than sudo some-other-editor would do?

I find that I'm more likely to foul something up due using anything "vi"-related than due to any obscure file syntax.  And the sudoers syntax doesn't look all that complex anyhow.

32 bit core4.7.7, Xprogs, Xorg-7.6, wbar, jwm  |  - Testing -
PPR, data persistence through filetool.sh          |  32 bit core 8.0 alpha 1
USB Flash drive, one partition, ext2, grub4dos  | Otherwise similar

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: [SOLVED] Require password for sudo command ?
« Reply #4 on: May 21, 2013, 08:44:49 AM »
Then set your VISUAL or EDITOR variable to whatever editor you prefer.

Offline Lee

  • Hero Member
  • *****
  • Posts: 645
    • My Core wiki user page
Re: [SOLVED] Require password for sudo command ?
« Reply #5 on: May 21, 2013, 09:46:32 AM »
Thanks gerald_clark - but with either or both of EDITOR and VISUAL set to another value, visudo still invokes vi or something that looks very like it.  So the question remains: does visudo do anything, besides syntax checking the output, that simply invoking a normal editor would not do?
32 bit core4.7.7, Xprogs, Xorg-7.6, wbar, jwm  |  - Testing -
PPR, data persistence through filetool.sh          |  32 bit core 8.0 alpha 1
USB Flash drive, one partition, ext2, grub4dos  | Otherwise similar

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 10252
Re: [SOLVED] Require password for sudo command ?
« Reply #6 on: May 21, 2013, 10:36:37 AM »
Hi Lee
Maybe you need to set those environmental variables for root?

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: [SOLVED] Require password for sudo command ?
« Reply #7 on: May 21, 2013, 10:50:38 AM »
Looks like it was compiled without $EDITOR support.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 10252
Re: [SOLVED] Require password for sudo command ?
« Reply #8 on: May 21, 2013, 11:52:17 AM »
Hi Lee
Adding the following line to your sudoers file:
Code: [Select]
Defaults env_editorand setting the EDITOR variable for root will allow you to use a different editor.

Offline Lee

  • Hero Member
  • *****
  • Posts: 645
    • My Core wiki user page
Re: [SOLVED] Require password for sudo command ?
« Reply #9 on: May 21, 2013, 02:04:48 PM »
No Luck - it looks like w/o the $EDITOR support compiled in it doesn't honor that.

On the other hand, apparently there is no magic in visudo besides the syntax checking.
32 bit core4.7.7, Xprogs, Xorg-7.6, wbar, jwm  |  - Testing -
PPR, data persistence through filetool.sh          |  32 bit core 8.0 alpha 1
USB Flash drive, one partition, ext2, grub4dos  | Otherwise similar

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 10252
Re: [SOLVED] Require password for sudo command ?
« Reply #10 on: May 21, 2013, 02:19:24 PM »
Hi Lee
If I do:
Code: [Select]
sudo su
export EDITOR=editor
visudo
it opens sudoers using editor.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 10252
Re: [SOLVED] Require password for sudo command ?
« Reply #11 on: May 21, 2013, 05:35:09 PM »
Hi Lee
Quote
No Luck - it looks like w/o the $EDITOR support compiled in it doesn't honor that.
From:
http://www.sudo.ws/visudo.man.html
Quote
There is a hard-coded list of one or more editors that visudo will use set at compile-time that may be overridden via the editor sudoers Default variable. This list defaults to vi. Normally, visudo does not honor the VISUAL or EDITOR environment variables unless they contain an editor in the aforementioned editors list. However, if visudo is configured with the --with-env-editor option or the env_editor Default variable is set in sudoers, visudo will use any the editor defines by VISUAL or EDITOR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR.

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: [SOLVED] Require password for sudo command ?
« Reply #12 on: May 22, 2013, 07:48:13 PM »
Not sure if this is worth the calories burnt in brain effort, but the insults command appended to the Defaults line does not appear to be working, should I assume that its been left out of the frugal nature of microcore ?

Code: [Select]
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

# Custom Defaults
Defaults timestamp_timeout=2
Defaults passwd_timeout=1, insults

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL
tc      ALL=(ALL) ALL
Live long and prosper.

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: [SOLVED] Require password for sudo command ?
« Reply #13 on: May 22, 2013, 08:51:00 PM »
Not sure if this is worth the calories burnt in brain effort, but the insults command

Personally I have never heard of any such command on any system, but just guessing now, does it perhaps feature quotes of Linus related to udev, systemd et al?
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 10252
Re: [SOLVED] Require password for sudo command ?
« Reply #14 on: May 22, 2013, 09:24:51 PM »
Here's a straightforward way to get visudo to use a different editor. Add a Defaults statement to sudoers like this:
Code: [Select]
Defaults editor=/usr/bin/editorTo use another editor, replace  /usr/bin/editor  with the name and path to your editor.