Allow multiple users to run several root commands

I am using SUSE Linux Enterprise Server 10 SP2 (i586) and I had earlier amended my sudoers file to allow users to become the root user with the "sudo su -" command.

Now I am trying to add multiple users to the sudoers file to run several commands, such as restarting the server, restarting the Nagios services and, for test purposes, editing the sudoers file (won't be implemented, it's just for test purposes).

When I had defined the host, user, and command alias in the sudoers file as such, I wasn't able to save the file. I kept getting this message:

>>> sudoers file: syntax error, line 13 <<<
sudo: parse error in /etc/sudoers near line 13

followed by options asking if I'd like to continue editing, quit, or save and exit (dangerous).

And this is what my sudoers file looks like:

my-mnag0:/etc # more sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

Host_Alias    LAN = my-mnag.os.itelligence.com.my

# User alias specification

User_Alias    GHELPDESK = test

# Cmnd alias specification

Cmnd_Alias    SUDO = visudo

# Defaults specification

Defaults    logfile=/var/log/sudo.log, log_year

# prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
# CVE-2006-0151)
Defaults always_set_home
Defaults env_reset

# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw    # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

# Runas alias specification

GHELPDESK     LAN = SUDO

# User privilege specification
root    ALL=(ALL) ALL
%wheel  ALL=(ALL)       ALL
%infra ALL=(ALL)        ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h no

Changes are in a different colour and in bold.

So what did I do wrong?

And yes, user test exists on the server:

my-mnag0:/etc # finger test
Login: test                             Name: test
Directory: /home/test                   Shell: /bin/sh
Never logged in.
No Mail.
No Plan.
my-mnag0:/etc #

Hi again hedkandi, I think the mistake is under the line:

Defaults    logfile=/var/log/sudo.log, log_year

If I am not mistaken it should be:

Defaults    log_year, logfile=/var/log/sudo.log

Regards.

Hi sagios

Thank you for the correction

I made the changes above, but when I logged on as the test user I am still not able to edit the sudoers file; I am getting permission denied and command not found errors:

my-mnag0:~$ cd /etc
my-mnag0:/etc$ visudo
-sh: visudo: command not found
my-mnag0:/etc$ vi sudoers

---------- Post updated at 07:39 PM ---------- Previous update was at 07:36 PM ----------

And when a normal user attempts to "sudo su -" to become root, it fails because of this parse error in the sudoers file:

my9849
my9849@my-mnag0:~> sudo su -
>>> sudoers file: syntax error, line 17 <<<
sudo: parse error in /etc/sudoers near line 17

my-mnag0:~ # visudo
Warning: undeclared Cmnd_Alias `SUDO' referenced near line 39

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

Host_Alias    LAN = my-mnag.os.itelligence.com.my

# User alias specification

User_Alias    GHELPDESK = test

# Cmnd alias specification

Cmnd_Alias    SUDO = visudo

# Defaults specification

Defaults    log_year, logfile=/var/log/sudo.log

# prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
# CVE-2006-0151)
Defaults always_set_home
Defaults env_reset

# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw    # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

# Runas alias specification

GHELPDESK     LAN = SUDO

# User privilege specification
root    ALL=(ALL) ALL
%wheel  ALL=(ALL)       ALL
%infra ALL=(ALL)        ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

So I had to log in as root and revert all changes. Would it work if I defined specific commands for multiple users at the end of the sudoers file?

Hello again, you need to give complete path:

Cmnd_Alias    SUDO = /usr/sbin/visudo

And while running the command you still need to give the full path:

> sudo /usr/sbin/visudo

I would also recommend you use YaST. I know you may not be used to it, but it works like a charm once you get confident with it.
You can find free training materials at the link below; they are a little bit old, but as you are dealing with SLES 10, you will not notice it.

Courses Available - Novell

Regards.

Hi sagios

Mate, I think you're right about YaST.

Anyway, I just amended what you had provided and guess what?

my-mnag0:~$ sudo /usr/sbin/visudo

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

test's password:
test is not allowed to run sudo on my-mnag0.  This incident will be reported.

Do I have to add the test user to the sysadm group or something?

Hello, OK, this is what I did to reproduce your conf.

From your conf remove the line:

GHELPDESK     LAN = SUDO

Then to add a runas alias:

Runas_Alias    ROOT = root

Then add a user to allow the use of sudo:

GHELPDESK LAN = (ROOT) SUDO

Hope it works this time.

Regards.


Ugh! It failed again!

my-mnag0:~$ sudo /usr/sbin/visudo
test's password:
test is not allowed to run sudo on my-mnag0.  This incident will be reported.
my-mnag0:~$ date
Fri Dec  2 12:12:24 MYT 2011
# Host alias specification
Host_Alias    LAN = my-mnag.os.itelligence.com.my
# User alias specification
User_Alias    GHELPDESK = test
# Cmnd alias specification
Cmnd_Alias    SUDO = /usr/bin/visudo
# Defaults specification
Defaults    log_year, logfile=/var/log/sudo.log
# prevent environment variables from influencing programs in an
# unexpected or harmful way (CVE-2005-2959, CVE-2005-4158,
# CVE-2006-0151)
Defaults always_set_home
Defaults env_reset

# In the default (unconfigured) configuration, sudo asks for the root password.
# This allows use of an ordinary user account for administration of a freshly
# installed system. When configuring sudo, delete the two
# following lines:
#Defaults targetpw    # ask for the password of the target user i.e. root
#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!

# Runas alias specification
Runas_Alias     ROOT = root
# User privilege specification
root    ALL=(ALL) ALL
%wheel  ALL=(ALL)       ALL
%infra ALL=(ALL)        ALL

GHELPDESK LAN = (ROOT) SUDO
# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
#%test  localhost=/sbin/shutdown -h now

Can we try with a different command? (i.e. start/stop a service such as httpd or something like that)

Why don't you try this: comment out the GHELPDESK line and replace it with:

test my-mnag0 = (root) /usr/sbin/visudo

or define your host_alias to be my-mnag0 instead of my-mnag0.os.itelligence.com.my


OMG, that totally worked!

Dude, you're too cool! Haha, thanks and thanked!

---------- Post updated 12-02-11 at 01:04 AM ---------- Previous update was 12-01-11 at 10:29 PM ----------

Sorry to be a bother, how do I make this work for multiple users? I added a second user separated with a comma, but it didn't work for the second user "test2".

---------- Post updated at 01:07 AM ---------- Previous update was at 01:04 AM ----------

Never mind, I sorted that out, thanks.

Please close this thread
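The thread above turned on three things that are easy to get wrong in a sudoers file: a command given as a bare name instead of an absolute path (which is what produced the "syntax error" and the "undeclared Cmnd_Alias `SUDO'" warning), a rule referencing an alias that never parsed, and a Host_Alias that does not match the name sudo compares against (by default the short hostname, or the FQDN when `Defaults fqdn` is set). The script below is an added example, not part of this thread and not sudo's own parser: a small checker for the subset of sudoers syntax used here, run against a constructed copy of the OP's first attempt (extended to the two users asked about at the end) and against the corrected form. The aliases, user names and paths in the samples are taken from the thread; `/etc/init.d/nagios` is an assumed path for the Nagios init script.

```python
"""Sudoers fragment checker (added example; not sudo's own parser).

Flags the three mistakes that came up in this thread:
  1. a command that is not an absolute path (sudo rejects bare names such as
     'visudo'; the failed Cmnd_Alias line is then reported as undeclared),
  2. a rule that references an alias that was never declared,
  3. a rule whose host does not match this machine: sudo compares the rule
     host against the short hostname (or the FQDN when 'Defaults fqdn' is set).
Only the subset of sudoers syntax used in the thread is understood.
"""
import re

ALIAS_KINDS = ("Host_Alias", "User_Alias", "Cmnd_Alias", "Runas_Alias")
ALIAS_NAME = re.compile(r"[A-Z][A-Z0-9_]*")
RULE = re.compile(r"(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)")
TAG = re.compile(r"^(?:NOPASSWD|PASSWD|NOEXEC|SETENV):\s*")

# Constructed samples: the thread's first attempt extended to two users, and the fixed form.
# /etc/init.d/nagios is an assumed path for the Nagios init script.
BROKEN = """\
Host_Alias    LAN = my-mnag.os.itelligence.com.my
User_Alias    GHELPDESK = test, test2
Cmnd_Alias    SUDO = visudo
Defaults      log_year, logfile=/var/log/sudo.log
Runas_Alias   ROOT = root
GHELPDESK     LAN = (ROOT) SUDO
"""

FIXED = """\
Host_Alias    LAN = my-mnag0
User_Alias    GHELPDESK = test, test2
Cmnd_Alias    SUDO = /usr/sbin/visudo, /etc/init.d/nagios restart
Runas_Alias   ROOT = root
GHELPDESK     LAN = (ROOT) SUDO
"""


def is_alias(token):
    """Alias names are upper-case identifiers; ALL is a keyword, not an alias."""
    return token != "ALL" and ALIAS_NAME.fullmatch(token) is not None


def parse(text):
    """Split a fragment into alias tables and privilege rules."""
    aliases = {kind: {} for kind in ALIAS_KINDS}
    rules = []  # (lineno, users, host, runas, [commands])
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue  # Defaults options are not checked here
        kind = line.split(None, 1)[0]
        if kind in ALIAS_KINDS:
            name, members = line[len(kind):].split("=", 1)
            aliases[kind][name.strip()] = [m.strip() for m in members.split(",")]
            continue
        m = RULE.fullmatch(line)
        if m is None:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        users, host, runas, cmds = m.groups()
        cmds = [TAG.sub("", c.strip()) for c in cmds.split(",")]
        rules.append((lineno, users, host, runas.strip() if runas else None, cmds))
    return aliases, rules


def check(text, hostname):
    """Return a list of human-readable problems; an empty list means the fragment passed."""
    aliases, rules = parse(text)
    problems = []
    # 1. every command in a Cmnd_Alias must be an absolute path
    for name, cmds in aliases["Cmnd_Alias"].items():
        for c in cmds:
            if c != "ALL" and not c.startswith("/"):
                problems.append(f"Cmnd_Alias {name}: {c!r} is not an absolute path")
    short = hostname.split(".")[0]
    for lineno, users, host, runas, cmds in rules:
        # 2. every alias a rule names must have been declared
        for kind, value in (("User_Alias", users), ("Host_Alias", host), ("Runas_Alias", runas)):
            if value and is_alias(value) and value not in aliases[kind]:
                problems.append(f"line {lineno}: undeclared {kind} {value}")
        for c in cmds:
            if is_alias(c):
                if c not in aliases["Cmnd_Alias"]:
                    problems.append(f"line {lineno}: undeclared Cmnd_Alias {c}")
            elif c != "ALL" and not c.startswith("/"):
                problems.append(f"line {lineno}: {c!r} is not an absolute path")
        # 3. the rule's host (or Host_Alias members) must match this machine
        hosts = aliases["Host_Alias"].get(host, [host])
        if "ALL" not in hosts and not any(h in (hostname, short) for h in hosts):
            problems.append(f"line {lineno}: host {hosts} does not match {short!r} or {hostname!r}")
    return problems


if __name__ == "__main__":
    for label, frag in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"{label}: {check(frag, 'my-mnag0') or 'OK'}")
```

Run as-is, the broken fragment reports the bare `visudo` and the host mismatch, and the fixed one passes whether the machine reports itself as `my-mnag0` or by its FQDN. On a real system the authoritative check is still `visudo -c` (or `visudo -c -f <file>` for a fragment), which runs sudo's own parser; this script only makes the three failure modes from the thread visible without touching `/etc/sudoers`.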