Monday, September 8, 2008

visudo and echo

If you don't feel like opening up visudo to edit something like the /etc/sudoers file, just echo "user ALL=(ALL) ALL" >> /etc/sudoers. Nifty. Not sure of any security implications of doing this though...
Posted by Brandon Perry at 11:56 AM
Labels:

4 comments:

  1. PedahzurMonday, September 08, 2008 12:17:00 PM

    It's still much better to use visudo because it will validate the syntax of your file after you save and exit. I believe (but could be wrong) that a file with invalid syntax may disable sudo altogether. Much better to use visudo.

    ReplyDelete
  2. jorgeMonday, September 08, 2008 1:24:00 PM

    Yes, visudo is there for your protection. Though I've met plenty of people who have messed up their /etc/sudoers with a bad echo ... so I guess it's just something you have to do once to learn a lesson, heh.

    ReplyDelete
  3. John DongMonday, September 08, 2008 4:11:00 PM

    as others have said there is no difference if you are perfect. Otherwise sudo refuses to run with a syntax error and you are left ina very inconvenient situation

    ReplyDelete
  4. Raphaƫl PinsonTuesday, September 09, 2008 6:57:00 AM

    You also have to be logged as root to do that, otherwise you have to use 'echo "user ALL = (ALL) ALL" | sudo tee -a /etc/sudoers', but again using visudo ensures that you don't break sudo. If you happen to break sudo and have no root password (standard situation in Ubuntu), you can't even modify sudoers anymore!

    Btw, my way to do it might be something like:


    $ sudo augtool
    augtool> ins spec after /file /etc/sudoers/spec[last()]
    augtool> set /files/etc/sudoers/spec[last()]/user "user"
    augtool> set /files/etc/sudoers/spec[last()]/host_group/host "ALL"
    augtool> set /files/etc/sudoers/spec[last()]/host_group/command "ALL"
    augtool> set /files/etc/sudoers/spec[last()]/host_group/command/runas_user "ALL"
    augtool> save

    ReplyDelete

Subscribe to: Post Comments (Atom)