Pergunte aqui
1

Sudo don"t ask password [solved]

perguntadas 2018-01-19 15:06:40 -0500

imagem do gravatar de Helvio

updated 2018-01-24 14:15:49 -0500

All operations using sudo are not asking for a password, how to solve this? I do not want an automatic password. I use Fedora 27 KDE

editar alterar tag assinalar como ofensivo fechar mesclar Excluir

7 Respostas

1

respondidas 2018-01-20 19:50:50 -0500

imagem do gravatar de jmt

I assume that your problem is that sometimes sudo asks for a password and sometimes not and you can't figure out why this happens.

From www.sudo.ws:

  • Sudo uses timestamp files to implement a "ticketing" system. When a user invokes sudo and enters their password, they are granted a ticket for 5 minutes (this timeout is configurable at compile-time). Each subsequent sudo command updates the ticket for another 5 minutes. This avoids the problem of leaving a root shell where others can physically get to your keyboard. There is also an easy way for a user to remove their ticket file, useful for placing in a .logout file.

This behaviour can be changed in the sudoers file by changing the value of the parameter timestamp_timeout

First edit the /etc/sudoers file using the command visudo

In the section where the Defaults specifications are located, insert the following line

Defaults timestamp_timeout = 0

Now the timeout for the user tickets is zero which means that sudo will always ask the password.

editar assinalar como ofensivo Excluir Link mais
0

respondidas 2018-01-24 14:12:18 -0500

imagem do gravatar de Helvio

updated 2018-01-24 14:13:55 -0500

I found the solution

System Settings

 All configurations

    Account details

        Users Manager

            I entered the password, because I believe it was blank and since my user is an administrator, he did not ask for a password

Now it's fixed!

editar assinalar como ofensivo Excluir Link mais
0

respondidas 2018-01-19 17:05:24 -0500

imagem do gravatar de Helvio

updated 2018-01-19 23:02:58 -0500

imagem do gravatar de florian

thanks for the answer, but the line is already commented, as below:

## Same thing without a password
# %wheel    ALL=(ALL)   NOPASSWD: ALL

More ideas or suggestions?

editar assinalar como ofensivo Excluir Link mais

Comentários

It needs to look exactly like this:

#%wheel ALL=(ALL)   NOPASSWD: ALL

The line that you quote isn't a comment and that's why you're not being asked for a password.

imagem do gravatar de sideburnssideburns ( 2018-01-19 17:12:39 -0500 )editar

? I'm not sure I follow you here, sideburns; the space following the # character is inconsequential; the line he quotes is, indeed, commented and will not take effect in his /etc/sudoers file.

imagem do gravatar de bitwiseoperatorbitwiseoperator ( 2018-01-20 06:19:37 -0500 )editar

Is correct?

## Allow root to run any commands anywhere 
root    ALL=(ALL)   ALL

## Allows members of the 'sys' group to run networking, software, 
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)   ALL

## Same thing without a password
# %wheel    ALL=(ALL)   NOPASSWD: ALL
imagem do gravatar de HelvioHelvio ( 2018-01-20 07:55:07 -0500 )editar

Before the latest edit, that line didn't have a # at the front, and wasn't a comment. The edit changed everything.

imagem do gravatar de sideburnssideburns ( 2018-01-20 13:26:22 -0500 )editar

please use the formatting preformatted text (symbol: 101010) when pasting text here. the# is otherwise interpreted as character to format text and it ends up looking the way it did.

imagem do gravatar de florianflorian ( 2018-01-20 22:10:57 -0500 )editar
0

respondidas 2018-01-20 06:24:44 -0500

It is important to always edit /etc/sudoers with the command visudo. That's a vim-based, sudoers-specific editing interface which performs sanity checks before it lets you commit changes to /etc/sudoers. This is particularly important when you're administering remote systems or any other system where you cannot directly log in as root, but must use sudo privileges; if you break /etc/sudoers, you'll lock yourself out of those essential privileges. So always use visudo.

That said, you likely have some sort of non-commented configuration directive in your /etc/sudoers file with "NOPASSWD" in it.

To figure out what your resulting set of privileges are for sudo, execute sudo -l as yourself; that should give you additional information about what commands you are able to run and which default entries apply to your user account.

Feel free to post your /etc/sudoers file, changing any group or user names (in a consistent way, of course) which you don't want to divulge, and we can likely isolate the issue for you if you cannot find it.

editar assinalar como ofensivo Excluir Link mais
0

respondidas 2018-01-23 19:20:48 -0500

imagem do gravatar de Helvio

I did this... but it did not work

editar assinalar como ofensivo Excluir Link mais
0

respondidas 2018-01-23 19:16:10 -0500

imagem do gravatar de Helvio

Same thing without a password

%wheel ALL=(ALL) NOPASSWD: ALL

I left one, two # and it did not work ...

I erased both lines and it did not work (then put them back)

editar assinalar como ofensivo Excluir Link mais
0

respondidas 2018-01-19 16:26:29 -0500

imagem do gravatar de sideburns

Welcome to ask.fedora. That's an odd issue you have, and a potential security hole. My guess is that you have something wrong in its configuration file, /etc/sudoers. Edit it with whatever text editor you prefer (You'll need to use sudo to edit it.) and look for a line that looks like this:

%wheel  ALL=(ALL)   NOPASSWD: ALL

Edit the line by adding # to the beginning, making it into a comment, then save and exit. I don't know if you'll have to reboot, but if you're not getting asked for a password after the edit, do so. This should clear the issue up, but do come back and let us know in either case.

editar assinalar como ofensivo Excluir Link mais

Ferramentas de perguntas

2 seguidores

Estatísticas

Perguntadas: 2018-01-19 15:06:40 -0500

Lidas: 1,142 vezes

Última atualização: Jan 24 '18