SuSE doesn't sudo


jdvilla
02-14-2005, 01:03 PM
For the SuSE users:

Has anyone tried using sudo on SuSE?

I have both 9.0 and 9.2 and both versions have bad implementations of sudo...

Reason:
In order to successfully issue a command with sudo, I need to enter in the root password?!?

Here's what I do

$ su -
# visudo
//then I add the following
//jdvilla ALL = ALL
# exit
$ sudo /etc/init.d/sshd restart
And in order for it to work, I need to enter in root's password. Doesn't that defeat the purpose?

On RHEL, Fedora, and Debian, sudo works as it's supposed to.

Anyone else experience this?

deathadder
02-14-2005, 04:12 PM
Have you tried the NOPASSWD option ?

[EDIT]
ADMIN BOX=NOPASSWD:RESTART

This is the thread I always use (http://www.justlinux.com/forum/showthread.php?s=&threadid=110678&highlight=sudo)

I've just installed 9.2 but haven't tried sudo yet...

jdvilla
02-14-2005, 04:16 PM
Using NOPASSWD will only get me by having to use a password when I use sudo.

What I'm referring to is the fact that I need to use the root password to use sudo as a normal user.

The very purpose of sudo is so that a normal user can perform administrative functions without knowing the administrator's password... a good security measure by design, bad by SuSE's implementation.

I wonder if this has anything to do with MS acquiring a sudo patent? Would Novell be trying to change sudo to avoid being hassled by MS?

deathadder
02-14-2005, 04:20 PM
Sorry I misread that :rolleyes:

Have you tried updating the sudo package?

jdvilla
02-14-2005, 04:22 PM
Actually no :eek:

I should have done that right away...

I guess I'm just a little surprised that this is happening on both 9.0 and 9.2 out-of-the-box. Like if someone changed it on purpose...

blackbelt_jones
02-14-2005, 04:29 PM
"SuSE doesn't sudo"?

Sounds almost like a really geeky Ramones song!

deathadder
02-14-2005, 04:31 PM
It could be a bad package by SuSE; let us know if updating helps.

Daedrus
02-14-2005, 04:35 PM
Post your visudo file.

I had to comment out 1 or two lines to get it to work normally. I don't use SuSE anymore so I can't tell you which lines without looking. It was something near the top.

jdvilla
02-14-2005, 04:35 PM
Ouch... I have headphones on right now... the kind that go right into your ear... and well I attempted that I'm behind a VERY restrictive firewall and tried an update...

Well you know how KDE on SuSE makes the noise of broken glass on some errors... try hearing that right in your ear.... huh? :confused:

I'll try an update from ~/ tonight and update this post

jdvilla
02-14-2005, 04:38 PM
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification
# Cmnd alias specification

# Defaults specification
Defaults targetpw # ask for the password of the target user i.e. root
%users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

# User privilege specification
# You should not use sudo as root in an SELinux environment
# If you use SELinux, remove the following line
root ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
myusername ALL = ALL

Daedrus
02-14-2005, 04:46 PM
Originally posted by jdvilla
# sudoers file.

# Defaults specification
Defaults targetpw # ask for the password of the target user i.e. root
%users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!



Comment these two lines out. Basically this allows all users to use sudo, but they need to know the root password to do it. If you only comment out the Defaults targetpw, everyone would have full rights with their own passwords.
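
Added example, not part of the original thread and not code from sudo or SuSE: a Python check for the interaction described in the post above, where `Defaults targetpw` and a `%users ALL=(ALL) ALL` rule have to be removed together. The function name `audit_sudoers` and the sample strings are made up for illustration; the parser assumes global `Defaults` lines only, treats every `#` as a comment, and ignores aliases and includes.

```python
import re

RULE = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")

def audit_sudoers(text):
    """Report whose password sudo asks for and who may run ALL commands."""
    targetpw, broad = False, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # assumption: every '#' starts a comment
        if not line:
            continue
        words = line.split(None, 1)
        if words[0] == "Defaults":               # global Defaults only
            for opt in (words[1] if len(words) > 1 else "").split(","):
                opt = opt.strip()
                if opt.lstrip("!").strip() == "targetpw":
                    targetpw = not opt.startswith("!")
            continue
        m = RULE.match(line)                     # who host = (runas) commands
        if m:
            cmds = re.sub(r"^(?:[A-Z_]+:\s*)+", "", m.group(4))  # drop tags like NOPASSWD:
            if cmds.strip() == "ALL":
                broad.append(m.group(1))
    groups = [who for who in broad if who.startswith("%")]
    warnings = []
    if targetpw:
        warnings.append("targetpw set: sudo prompts for the target user's password (root by default)")
    elif groups:
        warnings.append(f"no targetpw: members of {', '.join(groups)} run ALL with their own password")
    return {"password": "target" if targetpw else "invoker", "all_cmds": broad, "warnings": warnings}

# Constructed sample: the two default lines quoted in the thread plus a per-user rule.
SUSE_DEFAULT = """\
Defaults targetpw   # ask for the password of the target user i.e. root
%users ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
root ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
jdvilla ALL = ALL
"""
ONLY_TARGETPW_REMOVED = SUSE_DEFAULT.replace("Defaults targetpw", "# Defaults targetpw")
BOTH_REMOVED = ONLY_TARGETPW_REMOVED.replace("%users ALL=(ALL) ALL", "# %users ALL=(ALL) ALL")

if __name__ == "__main__":
    for name, text in [("default", SUSE_DEFAULT), ("only targetpw removed", ONLY_TARGETPW_REMOVED),
                       ("both removed", BOTH_REMOVED)]:
        print(name, audit_sudoers(text))
```

On a real system, `visudo -c` checks the syntax of the edited file; this sketch only covers the policy interaction between the two lines.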

jdvilla
02-14-2005, 04:50 PM
thanks!!!

I never noticed that it does say

Ask for the password of the target user i.e. root

I guess I'm just used to RH and Debian... don't think those have a targetpw option by default.

Why would this be there? Seems silly to me....

thanks!!!

Daedrus
02-14-2005, 04:52 PM
Not sure why it is that way. I guess they thought it was a good idea. Threw me for a curve when I switched from RH. Now I am on Slackware with no problems.

bigmac99
02-14-2005, 05:01 PM
Originally posted by deathadder
It could be a bad package by SuSE; let us know if updating helps.

This is the way it works for me (on SLES9). I run the command once, and enter the root password. From then on, as long as I stay logged in, I don't have to enter it again. I log out, and I have to enter it again.

Does this help?

Charles

jdvilla
02-14-2005, 05:15 PM
thanks, but no...

Sudo should never ask you for the root password... well that's of course if you're not running SuSE :)

Sudo is used to grant nonprivileged users access to privileged commands/tasks.

If I need to enter in the root password, it defeats the purpose.


Say you have a developer who should only be able to start/stop Apache. If they needed to know the root password, then they have access to the entire system and your attempt at not giving them admin rights is futile.

IsaacKuo
02-14-2005, 10:26 PM
I guess the idea behind SUSE's default setting is to let the system administrator type in a single admin command no matter who is logged in and he doesn't have to worry about accidentally leaving a root shell open.

jdvilla
02-14-2005, 10:48 PM
Well, my jerk answer is:

If the administrator has a problem leaving a root shell logged in, perhaps he/she doesn't deserve to be an administrator. A good administrator would understand certain security concepts and should be alert enough to not leave a root shell open....

Sorry, just wanted to say that before someone else did :)

Now, my real answer is:

It makes sense. I can imagine a busy admin searching for a file that HR said they lost and while updatedb is running or find is running, here comes the manager with a "bigger" problem and the admin needs to leave that post to help the manager...

or...

the admin is helping out a developer install apache and while ./configure --make-apache-really-secure=yes;make;make install is running, here comes the manager again... then when the admin leaves, the developer doesn't realize that they are in a root shell and begins to screw things up....

I agree with your hypothesis...I'll stop cursing SuSE now :)