Forum: >>> Magnum BBS <<<

[gentoo-user] Change in sudoers format?

From Walter Dnes@21:1/5 to All on Thu May 26 23:00:01 2022

I just ran an update and noticed that etc-update wants to change the
layout of /etc/sudoers, specifically...

######################################################################

##
## User privilege specification
##
-root ALL=(ALL) ALL
+root ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
-# %wheel ALL=(ALL) ALL
+# %wheel ALL=(ALL:ALL) ALL

## Same thing without a password
-# %wheel ALL=(ALL) NOPASSWD: ALL
+# %wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
-# %sudo ALL=(ALL) ALL
+# %sudo ALL=(ALL:ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
-# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
+# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'

######################################################################

...and similar changes for /etc/sudoers.dist. What is this about, and
should I go ahead?

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Michael@21:1/5 to All on Sun May 29 12:56:22 2022

On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote:

I just ran an update and noticed that etc-update wants to change the
layout of /etc/sudoers, specifically...

######################################################################

##
## User privilege specification
##
-root ALL=(ALL) ALL
+root ALL=(ALL:ALL) ALL

[snip ...]

...and similar changes for /etc/sudoers.dist. What is this about, and
should I go ahead?

I can't recall how long ago the syntax changed to this format. I'm currently running 'app-admin/sudo1.9.10-r1' and it works as it should using the new syntax. Therefore I would think you can go ahead with accepting this change. -----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmKTX2YACgkQseqq9sKV ZxlH9Q//Qusi+4BEtmD0aPuHiptcyDW7ziarXeBdz56eQJlOpCYhQ6Q8hIhSeqvB IqplO+cNjkIEnMT+EGlxNh2GHiSyOTDf9LrW6S07RUbpZaLGwrAw/G9IhiATd/Ig +/ALM8fWPWnamqK3lgU0H+Acmg9sbInbZqyhQ4L9wPgrkrEykqtq4WNxoHXhU4Jv s/Y0RI06lk7diPcHizhw/pdErLMaii0ozpSTawxrrWYrxyrfZ2+wMCALJVTN84eX q6RGAJjhPoUoFAkH+DTsji6rRLXf0HAwXbVxW5U5AGcmY8blM8wZIYsG4GD+BfMx aUavYWfukBwBck0753dUlc4jRi6hOvG7LoqP+afTUVCTAjl1JuLNliczPLhLLErd v+mz4mmKxX5LZ613YAaG0mUkyBMiOdSmsZyNw1gZy1laKCa/7ikzW/5L2vXAvRa/ n+mxksv4/EBnDLh8fX7qZRJ51LkH63oiJ0aKd30ASH271fisPRUAPoGHLrQrHMU8 f7vciKqK8iat9XWbMQiVCo/sdgquXcbUM3uPYZm3Whkrnj0VvDt0cl2KQ0MtS4u3 rzpdYWIoaoUa1dIBClsuY2FufPTLzYLPYk50lA31LnF8KCyOYv5F7Dzv7vlnI/sP ZChppOPARMheJ5pf8uL7BHkfeTkM2LMrnb9jEdHwl4paSG8xfdY=
=mdLa
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Peter Humphrey@21:1/5 to All on Sun May 29 15:50:01 2022

On Thursday, 26 May 2022 21:54:50 BST Walter Dnes wrote:

I just ran an update and noticed that etc-update wants to change the
layout of /etc/sudoers, specifically...

######################################################################

##
## User privilege specification
##
-root ALL=(ALL) ALL
+root ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
-# %wheel ALL=(ALL) ALL
+# %wheel ALL=(ALL:ALL) ALL

## Same thing without a password
-# %wheel ALL=(ALL) NOPASSWD: ALL
+# %wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
-# %sudo ALL=(ALL) ALL
+# %sudo ALL=(ALL:ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
-# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw' +# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'

######################################################################

...and similar changes for /etc/sudoers.dist. What is this about, and
should I go ahead?

I did it without thinking about it, and nothing untoward has befallen. Yet.

--
Regards,
Peter.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From wkuz@op.pl@21:1/5 to All on Sun May 29 17:50:01 2022

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCkRuaWEg MjAyMi0wNS0yOSwgbyBnb2R6LiAxNDo0NzoxMg0KUGV0ZXIgSHVtcGhyZXkgPHBldGVyQHByaC5t eXplbi5jby51az4gbmFwaXNhxYIoYSk6DQoNCj4gT24gVGh1cnNkYXksIDI2IE1heSAyMDIyIDIx OjU0OjUwIEJTVCBXYWx0ZXIgRG5lcyB3cm90ZToNCj4gPiAgIEkganVzdCByYW4gYW4gdXBkYXRl IGFuZCBub3RpY2VkIHRoYXQgZXRjLXVwZGF0ZSB3YW50cyB0byBjaGFuZ2UNCj4gPiB0aGUgbGF5 b3V0IG9mIC9ldGMvc3Vkb2Vycywgc3BlY2lmaWNhbGx5Li4uDQo+ID4gDQo+ID4gICANCj4gIyMj IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj IyMjIyMjIyMjIw0KPiA+IA0KPiA+ICAjIw0KPiA+ICAjIyBVc2VyIHByaXZpbGVnZSBzcGVjaWZp Y2F0aW9uDQo+ID4gICMjDQo+ID4gLXJvb3QgQUxMPShBTEwpIEFMTA0KPiA+ICtyb290IEFMTD0o QUxMOkFMTCkgQUxMDQo+ID4gDQo+ID4gICMjIFVuY29tbWVudCB0byBhbGxvdyBtZW1iZXJzIG9m IGdyb3VwIHdoZWVsIHRvIGV4ZWN1dGUgYW55IGNvbW1hbmQNCj4gPiAtIyAld2hlZWwgQUxMPShB TEwpIEFMTA0KPiA+ICsjICV3aGVlbCBBTEw9KEFMTDpBTEwpIEFMTA0KPiA+IA0KPiA+ICAjIyBT YW1lIHRoaW5nIHdpdGhvdXQgYSBwYXNzd29yZA0KPiA+IC0jICV3aGVlbCBBTEw9KEFMTCkgTk9Q QVNTV0Q6IEFMTA0KPiA+ICsjICV3aGVlbCBBTEw9KEFMTDpBTEwpIE5PUEFTU1dEOiBBTEwNCj4g PiANCj4gPiAgIyMgVW5jb21tZW50IHRvIGFsbG93IG1lbWJlcnMgb2YgZ3JvdXAgc3VkbyB0byBl eGVjdXRlIGFueSBjb21tYW5kDQo+ID4gLSMgJXN1ZG8gICAgICAgIEFMTD0oQUxMKSBBTEwNCj4g PiArIyAlc3VkbyAgICAgICAgQUxMPShBTEw6QUxMKSBBTEwNCj4gPiANCj4gPiAgIyMgVW5jb21t ZW50IHRvIGFsbG93IGFueSB1c2VyIHRvIHJ1biBzdWRvIGlmIHRoZXkga25vdyB0aGUNCj4gPiBw YXNzd29yZCAjIyBvZiB0aGUgdXNlciB0aGV5IGFyZSBydW5uaW5nIHRoZSBjb21tYW5kIGFzIChy b290IGJ5DQo+ID4gZGVmYXVsdCkuICMgRGVmYXVsdHMgdGFyZ2V0cHcgICMgQXNrIGZvciB0aGUg cGFzc3dvcmQgb2YgdGhlIHRhcmdldA0KPiA+IHVzZXIgLSMgQUxMIEFMTD0oQUxMKSBBTEwgICMg V0FSTklORzogb25seSB1c2UgdGhpcyB0b2dldGhlciB3aXRoDQo+ID4gJ0RlZmF1bHRzIHRhcmdl dHB3JyArIyBBTEwgQUxMPShBTEw6QUxMKSBBTEwgICMgV0FSTklORzogb25seSB1c2UNCj4gPiB0 aGlzIHRvZ2V0aGVyIHdpdGggJ0RlZmF1bHRzIHRhcmdldHB3Jw0KPiA+IA0KPiA+ICAgDQo+ICMj IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj IyMjIyMjIyMjIyMNCj4gPiANCj4gPiAuLi5hbmQgc2ltaWxhciBjaGFuZ2VzIGZvciAvZXRjL3N1 ZG9lcnMuZGlzdC4gIFdoYXQgaXMgdGhpcyBhYm91dCwNCj4gPiBhbmQgc2hvdWxkIEkgZ28gYWhl YWQ/ICANCj4gDQo+IEkgZGlkIGl0IHdpdGhvdXQgdGhpbmtpbmcgYWJvdXQgaXQsIGFuZCBub3Ro aW5nIHVudG93YXJkIGhhcw0KPiBiZWZhbGxlbi4gWWV0Lg0KPiANCg0KQWZ0ZXIgcmVhZGluZyAn bWFuIHN1ZG9lcnMnIChlc3BlY2lhbGx5IHRoZSAnZXhhbXBsZXMnIHBhcnQpIEkgc2VlDQp0aGVy ZSdzIGEgc2xpZ2h0IGRpZmZlcmVuY2UgYmV0d2VlbiAoYWx0aG91Z2ggaW4gY2FzZSBvZiBnYWlu aW5nIHJvb3QNCnByaXZpbGVnZXMgaXQgaXMgb25seSBhIG1hdHRlciBvZiBhZXN0aGV0aWNzKToN CkxpbmU6DQp4eXoJQT0oQjpDKSBEDQptZWFuczoNClVzZXIgeHl6IGNhbiBleGFjdXRlIGNvbW1h bmQgRCBvbiBob3N0IEEgYXMgdXNlciBCIGluIGdyb3VwIEMNClRoZXJlZm9yZSBjaGFuZ2luZzoN CnJvb3QJQUxMPShBTEwpIEFMTA0KdG8NCnJvb3QJQUxMPShBTEw6QUxMKSBBTEwNCmlzIGp1c3Qg YSBtYXR0ZXIgb2YgY29uc2lzdGVuY3kgOykNCg0KLSAtLS0tDQp4V0sgDQotLS0tLUJFR0lOIFBH UCBTSUdOQVRVUkUtLS0tLQ0KDQppSFVFQVJFSUFCMFdJUVREMHJPbFJYVFZRVlB4SGQ0ZHFTWFZo T3FHcXdVQ1lwT1Z4UUFLQ1JBZHFTWFZoT3FHDQpxOUVzQVA5cVh3eThScXpFcXNMVThBaEdqUzdB YjVlaE4vMklGUnJYV1pIbm1TSXd4Z0QvV3lML2s5Umd6a0IrDQpmbjh5M2ZPUXpnZDhqeUprQm9T QTNyVEFxdjQrR3RFPQ0KPUcyVVENCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Grant Taylor@21:1/5 to wkuz@op.pl on Sun May 29 18:40:01 2022

On 5/29/22 9:48 AM, wkuz@op.pl wrote:

User xyz can exacute command D on host A as user B in group C

...

is just a matter of consistency ;)

The group that a command is run as starts to become much more germane
when you are using sudo to run commands as a different non-root user.
E.g. if you want to run commands as the Oracle user to manage things
about a database.

In some ways this is somewhat akin to setting the GID bit on a directory
so that newly created files inherit the group of the directory. At
least insofar as the type of situation that would necessitate the use of
this feature.

--
Grant. . . .
unix || die

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Walter Dnes@21:1/5 to All on Mon May 30 02:40:01 2022

Thanks for the comments everybody. I'll let etc-update do its thing.

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Keyop
  Mon May 27 18:30:49 2024
  from Huddersfield, West Yorkshire via SSH
- Bob Worm
  Mon May 27 14:35:17 2024
  from Wales, Uk via Telnet
- Cronus
  Tue May 28 16:47:32 2024
  from Provo, Ut via SSH
- Bob Worm
  Wed May 29 09:27:17 2024
  from Wales, Uk via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	303
Nodes:	16 (2 / 14)
Uptime:	74:53:32
Calls:	6,805
Calls today:	1
Files:	12,327
Messages:	5,400,052

[gentoo-user] Change in sudoers format?

Who's Online

Recent Visitors

System Info