Gentoo Archives: gentoo-user

From: "wkuz@××.pl" <wkuz@××.pl>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Change in sudoers format?
Date: Sun, 29 May 2022 15:48:47
Message-Id: 20220529174821.61c1f18f@hedgy
In Reply to: Re: [gentoo-user] Change in sudoers format? by Peter Humphrey
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA256
3
4 Dnia 2022-05-29, o godz. 14:47:12
5 Peter Humphrey <peter@××××××××××××.uk> napisał(a):
6
7 > On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote:
8 > > I just ran an update and noticed that etc-update wants to change
9 > > the layout of /etc/sudoers, specifically...
10 > >
11 > >
12 > ######################################################################
13 > >
14 > > ##
15 > > ## User privilege specification
16 > > ##
17 > > -root ALL=(ALL) ALL
18 > > +root ALL=(ALL:ALL) ALL
19 > >
20 > > ## Uncomment to allow members of group wheel to execute any command
21 > > -# %wheel ALL=(ALL) ALL
22 > > +# %wheel ALL=(ALL:ALL) ALL
23 > >
24 > > ## Same thing without a password
25 > > -# %wheel ALL=(ALL) NOPASSWD: ALL
26 > > +# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
27 > >
28 > > ## Uncomment to allow members of group sudo to execute any command
29 > > -# %sudo ALL=(ALL) ALL
30 > > +# %sudo ALL=(ALL:ALL) ALL
31 > >
32 > > ## Uncomment to allow any user to run sudo if they know the
33 > > password ## of the user they are running the command as (root by
34 > > default). # Defaults targetpw # Ask for the password of the target
35 > > user -# ALL ALL=(ALL) ALL # WARNING: only use this together with
36 > > 'Defaults targetpw' +# ALL ALL=(ALL:ALL) ALL # WARNING: only use
37 > > this together with 'Defaults targetpw'
38 > >
39 > >
40 > ######################################################################
41 > >
42 > > ...and similar changes for /etc/sudoers.dist. What is this about,
43 > > and should I go ahead?
44 >
45 > I did it without thinking about it, and nothing untoward has
46 > befallen. Yet.
47 >
48
49 After reading 'man sudoers' (especially the 'examples' part) I see
50 there's a slight difference between (although in case of gaining root
51 privileges it is only a matter of aesthetics):
52 Line:
53 xyz A=(B:C) D
54 means:
55 User xyz can exacute command D on host A as user B in group C
56 Therefore changing:
57 root ALL=(ALL) ALL
58 to
59 root ALL=(ALL:ALL) ALL
60 is just a matter of consistency ;)
61
62 - ----
63 xWK
64 -----BEGIN PGP SIGNATURE-----
65
66 iHUEAREIAB0WIQTD0rOlRXTVQVPxHd4dqSXVhOqGqwUCYpOVxQAKCRAdqSXVhOqG
67 q9EsAP9qXwy8RqzEqsLU8AhGjS7Ab5ehN/2IFRrXWZHnmSIwxgD/WyL/k9RgzkB+
68 fn8y3fOQzgd8jyJkBoSA3rTAqv4+GtE=
69 =G2UQ
70 -----END PGP SIGNATURE-----

Replies

Subject Author
Re: [gentoo-user] Change in sudoers format? Grant Taylor <gtaylor@×××××××××××××××××××××.net>