Saturday, December 24, 2011

Interesting job/work life reading

In addition to the plethora of material out there on how to get a better handle on work environments, I found this article to be very apt for encouraging motivation and participation in any cooperative environment.


Tuesday, December 6, 2011

Funny things with Sudo

Sudo, that ever-important, pervasive and PITA tool that we use to run root commands on our systems. I learned something new about it yesterday - other than how easy it is to configure it incorrectly. It turns out that sudo has a nice facility for testing and showing you which user classes you match in the sudoers file. This turned out to be the key to figuring out why a neat shortcut wasn't working for me. I was trying to configure sudo with the NOPASSWD option so that I didn't have to type in the password every time I wanted to fire up a root command. Something like the following:
This line allows the ivan user to run any command, as any user, on any system, WITHOUT having to type in ivan's password. The problem is that for some reason the system still asked for ivan's password. After a bit of digging, I discovered that the following can be used to figure out which user lines you match in the sudoers file:
sudo -l
Which provides output like the following:
User ivan may run the following commands on this host:
It turns out there's a line in /etc/sudoers that allows anyone in the wheel group to run commands, as any user, on any system, PROVIDED they type in their password correctly. And that's exactly what we see above: there are two lines that this user matches, since ivan is in the wheel group. To correct this, either allow the wheel group to run with NOPASSWD (not ideal), remove NOPASSWD from ivan's entry (ideal), or remove ivan from the wheel group. Fun!
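
Why the prompt persists when two entries match, as an added example that is not part of the original post: sudo applies the last matching sudoers entry, so a group entry placed after a user's NOPASSWD line overrides it. This Python sketch models that rule for simple `user` and `%group` entries; the sudoers fragment, its ordering and the function names are assumptions made for illustration.

```python
import re

# Constructed sample, NOT the author's real /etc/sudoers: ivan's NOPASSWD
# entry comes first and the wheel group entry follows it.
SAMPLE_SUDOERS = """\
# constructed example
root    ALL=(ALL) ALL
ivan    ALL=(ALL) NOPASSWD: ALL
%wheel  ALL=(ALL) ALL
"""

# Simplified grammar: "who host = (runas) TAG: commands". Aliases, #include,
# #uid/%#gid forms and Defaults are outside this model.
RULE = re.compile(
    r"^(?P<who>%?[\w.-]+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\([^)]*\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)

def matching_rules(text, user, groups):
    """Return [(lineno, line, nopasswd)] for entries matching user, in file order."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = RULE.match(line)
        if not m:
            continue
        who = m["who"]
        if who in ("ALL", user) or (who.startswith("%") and who[1:] in groups):
            hits.append((lineno, line, "NOPASSWD:" in m["tags"]))
    return hits

def effective_rule(text, user, groups):
    """sudo uses the LAST matching entry, not the most specific one."""
    hits = matching_rules(text, user, groups)
    return hits[-1] if hits else None

if __name__ == "__main__":
    for lineno, line, nopasswd in matching_rules(SAMPLE_SUDOERS, "ivan", {"wheel"}):
        print(f"match   line {lineno}: {line}")
    lineno, line, nopasswd = effective_rule(SAMPLE_SUDOERS, "ivan", {"wheel"})
    print(f"applied line {lineno}: password {'not ' if nopasswd else ''}required")
```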