1 |
-----BEGIN PGP SIGNED MESSAGE-----
|
2 |
Hash: SHA256
|
3 |
|
4 |
Dnia 2022-05-29, o godz. 14:47:12
|
5 |
Peter Humphrey <peter@××××××××××××.uk> napisał(a):
|
6 |
|
7 |
> On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote: |
8 |
> > I just ran an update and noticed that etc-update wants to change |
9 |
> > the layout of /etc/sudoers, specifically... |
10 |
> > |
11 |
> > |
12 |
> ###################################################################### |
13 |
> > |
14 |
> > ## |
15 |
> > ## User privilege specification |
16 |
> > ## |
17 |
> > -root ALL=(ALL) ALL |
18 |
> > +root ALL=(ALL:ALL) ALL |
19 |
> > |
20 |
> > ## Uncomment to allow members of group wheel to execute any command |
21 |
> > -# %wheel ALL=(ALL) ALL |
22 |
> > +# %wheel ALL=(ALL:ALL) ALL |
23 |
> > |
24 |
> > ## Same thing without a password |
25 |
> > -# %wheel ALL=(ALL) NOPASSWD: ALL |
26 |
> > +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL |
27 |
> > |
28 |
> > ## Uncomment to allow members of group sudo to execute any command |
29 |
> > -# %sudo ALL=(ALL) ALL |
30 |
> > +# %sudo ALL=(ALL:ALL) ALL |
31 |
> > |
32 |
> > ## Uncomment to allow any user to run sudo if they know the |
33 |
> > password ## of the user they are running the command as (root by |
34 |
> > default). # Defaults targetpw # Ask for the password of the target |
35 |
> > user -# ALL ALL=(ALL) ALL # WARNING: only use this together with |
36 |
> > 'Defaults targetpw' +# ALL ALL=(ALL:ALL) ALL # WARNING: only use |
37 |
> > this together with 'Defaults targetpw' |
38 |
> > |
39 |
> > |
40 |
> ###################################################################### |
41 |
> > |
42 |
> > ...and similar changes for /etc/sudoers.dist. What is this about, |
43 |
> > and should I go ahead? |
44 |
> |
45 |
> I did it without thinking about it, and nothing untoward has |
46 |
> befallen. Yet. |
47 |
> |
48 |
|
49 |
After reading 'man sudoers' (especially the 'examples' part) I see
|
50 |
there's a slight difference between (although in case of gaining root
|
51 |
privileges it is only a matter of aesthetics):
|
52 |
Line:
|
53 |
xyz A=(B:C) D
|
54 |
means:
|
55 |
User xyz can exacute command D on host A as user B in group C
|
56 |
Therefore changing:
|
57 |
root ALL=(ALL) ALL
|
58 |
to
|
59 |
root ALL=(ALL:ALL) ALL
|
60 |
is just a matter of consistency ;)
|
61 |
|
62 |
- ----
|
63 |
xWK
|
64 |
-----BEGIN PGP SIGNATURE-----
|
65 |
|
66 |
iHUEAREIAB0WIQTD0rOlRXTVQVPxHd4dqSXVhOqGqwUCYpOVxQAKCRAdqSXVhOqG
|
67 |
q9EsAP9qXwy8RqzEqsLU8AhGjS7Ab5ehN/2IFRrXWZHnmSIwxgD/WyL/k9RgzkB+
|
68 |
fn8y3fOQzgd8jyJkBoSA3rTAqv4+GtE=
|
69 |
=G2UQ
|
70 |
-----END PGP SIGNATURE----- |