Various thoughts and projects that grab my attention for more than a few minutes.
Monday, September 8, 2008
visudo and echo
If you don't feel like opening up visudo to edit something like the /etc/sudoers file, just echo "user ALL=(ALL) ALL" >> /etc/sudoers. Nifty. Not sure of any security implications of doing this though...
It's still much better to use visudo because it will validate the syntax of your file after you save and exit. I believe (but could be wrong) that a file with invalid syntax may disable sudo altogether. Much better to use visudo.
Yes, visudo is there for your protection. Though I've met plenty of people who have messed up their /etc/sudoers with a bad echo ... so I guess it's just something you have to do once to learn a lesson, heh.
as others have said there is no difference if you are perfect. Otherwise sudo refuses to run with a syntax error and you are left ina very inconvenient situation
You also have to be logged as root to do that, otherwise you have to use 'echo "user ALL = (ALL) ALL" | sudo tee -a /etc/sudoers', but again using visudo ensures that you don't break sudo. If you happen to break sudo and have no root password (standard situation in Ubuntu), you can't even modify sudoers anymore!
Btw, my way to do it might be something like:
$ sudo augtool augtool> ins spec after /file /etc/sudoers/spec[last()] augtool> set /files/etc/sudoers/spec[last()]/user "user" augtool> set /files/etc/sudoers/spec[last()]/host_group/host "ALL" augtool> set /files/etc/sudoers/spec[last()]/host_group/command "ALL" augtool> set /files/etc/sudoers/spec[last()]/host_group/command/runas_user "ALL" augtool> save
It's still much better to use visudo because it will validate the syntax of your file after you save and exit. I believe (but could be wrong) that a file with invalid syntax may disable sudo altogether. Much better to use visudo.
ReplyDeleteYes, visudo is there for your protection. Though I've met plenty of people who have messed up their /etc/sudoers with a bad echo ... so I guess it's just something you have to do once to learn a lesson, heh.
ReplyDeleteas others have said there is no difference if you are perfect. Otherwise sudo refuses to run with a syntax error and you are left ina very inconvenient situation
ReplyDeleteYou also have to be logged as root to do that, otherwise you have to use 'echo "user ALL = (ALL) ALL" | sudo tee -a /etc/sudoers', but again using visudo ensures that you don't break sudo. If you happen to break sudo and have no root password (standard situation in Ubuntu), you can't even modify sudoers anymore!
ReplyDeleteBtw, my way to do it might be something like:
$ sudo augtool
augtool> ins spec after /file /etc/sudoers/spec[last()]
augtool> set /files/etc/sudoers/spec[last()]/user "user"
augtool> set /files/etc/sudoers/spec[last()]/host_group/host "ALL"
augtool> set /files/etc/sudoers/spec[last()]/host_group/command "ALL"
augtool> set /files/etc/sudoers/spec[last()]/host_group/command/runas_user "ALL"
augtool> save