![]() ![]() The sed command disables the #includedir directive that would allow any files in subdirectories to override these inline updates.The sed command does inline updates to the /etc/sudoers file to allow foo and root users passwordless access to the sudo group.See for example Set sudo password differently from login one. This can be altered by policy files such as /etc/sudoers. ![]() ![]() The home directory is set to /home/foo. It is usually your personal login password.The user foo is added to the both the foo and sudo group.Sed -i /etc/sudoers -re 's/^#includedir.*/# Removed the #include directive! #"/g' & \Ä®cho "Customized the sudoers file for passwordless access!" & \Ä®cho "foo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers & \Ä®cho "root ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers & \Ä®cho "foo user:" su foo -c 'whoami & id' & \Ä®cho "root user:" su root -c 'whoami & id' Sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' & \ Sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' & \ Useradd -U foo -m -s /bin/bash -p foo -G sudo & passwd -d foo & passwd -d root & \ This is how I've implemented the non-root, passwordless user in an ephemeral Docker Image for use in a CICD pipeline with the base image of ubuntu:18.04: RUN \ It looks like this: #includedir /etc/sudoers.d This is a sneaky little directive, as it appears to be a commented line upon first glance. Is it because the user nicholsonjf was inheriting sudo rights from the two group specifications of admin and sudo (seen below in the sudoers file), which were overriding the nicholsonjf user specification because they were further down in the config file?Īs I was researching this, I realized that there's a line in the /etc/sudoers file that is not a comment, but a directive that makes any file or folder under the directory /etc/sudoers/* override the contents of /etc/sudoers. I was only able to start running sudo commands as nicholsonjf once I removed nicholsonjf from the sudo and admin groups. However this did not work, and I was still prompted for my password every time I ran a command as nicholsonjf. # See sudoers(5) for more information on "#include" directives: # Allow members of group sudo to execute any command # Members of the admin group may gain root privileges You can also use aliases to simplify defining rules for groups of hosts, commands, and even users. The rules can apply to individual users and user groups. # See the man page for details on how to write a sudoers file.Äefaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" User authorizations in sudoers The /etc/sudoers file specifies which users can run which commands using the sudo command. # Please consider adding local content in /etc/sudoers.d/ instead of Initially, my only change to the sudoers file ( /etc/sudoers) was one line, a user specification that should have enabled nicholsonjf to run all commands with sudo without having to enter a password (see the line that starts with nicholsonjf): # This file MUST be edited with the 'visudo' command as root. I understand it's a huge security risk to enable NOPASSWD sudo. NOTE: I have made these changes on a dedicated machine running Ubuntu Desktop 13.04, that I use purely for learning purposes. Super easy fix.This is a fairly complex question related to the sudoers file and the sudo command in general. Thank you for laying out this information. I spent ages looking for this information last year and am so glad I finally was able to quickly take care of this impediment!! Not sure how I didn't find this when I was trying to figure this out a year ago. After you have set the password from that prompt you can get sudo privileges with that password.Then you can set a password, which you will probably want to be the same password that you just used if you want to keep it simple. So, in the shell that we just logged into, type the command Then from here you can set a new password that works in your crosh shell. Login as the user "root" and the password that you made while putting it into developer mode.Here is exactly what worked for my asus chromebook flip c302 chromeos ver 63. I made a root password while putting it into developer mode, but that password did not work in the crosh prompt (Ctrl + Alt + t). Took me a while to find all the relevant information on this page, but I was able to figure it out. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |