Web lists-archives.com

Re: Adding/modifying users under MATE DE




On Mon, Feb 04, 2019 at 12:29:47PM -0600, Richard Owlett wrote:
> On 02/04/2019 11:32 AM, tomas@xxxxxxxxxx wrote:
> >On Mon, Feb 04, 2019 at 10:34:22AM -0600, Richard Owlett wrote:

[...]

> >You are comfortable editing a text file? Because that's all it is
> >about.
> 
> You haven't lived if you never edited with a 026 or KSR35 ;/
> I've even used TECO.

That's even /before/ my time. And I'm an oldtimer :-)

> The process of editing is not the problem. The problem is
> vocabulary/syntax/grammar/spelling/... .
> A important point in mate-system-tools favor.

OK, so it is sudoer's syntax. This is understandable: the syntax
is quite general and the man page tends to present complex examples.

If you want to allow user richard to run, e.g. /usr/local/bin/backup
as root, without having to issue a password, you'd need a to put a
line (I'd be glad if somebody double-checks it: untested code ahead)

  richard   ALL =  NOPASSWD: /usr/local/bin/backup

somewhere in /etc/sudoers (or better, as David suggests, into a
new file below /etc/sudoers.d with a judiciously chosen name,
since /etc/sudoers specifies to include files in this directory)


  - 'richard' is the user spec (can be a list, an alias and some
              other things)
  - 'ALL' is the specifications for the hosts where this rule
          applies (i.e. all hosts, here)
  - 'NOPASSWD: is a tag that states that this rule doesn't
          require a password
  - last is the command (or a more complex command spec).
          Note that you can also specify parameters here.

This might get you started. The elements above can be replaced
by more general constructions (group aliases and things), which
you define elsewhere in the file.

The confusing generality can be explained by the fact that you
can distribute this file to many hosts unchanged, and it will
adapt to the host-specific policy.

> Visudo will forcefully prevent you from breaking the system.

It will try its best, but i doubt it is omniscient :)

> But it's unclear how much guidance it will a one editing those
> file(s) for the first time.

That's what the man page is supposed to do. But I must admit
that it was a bit confusing for me at first.

[...]

> I can cope {if grumpily} with any editor.
> I prefer Pluma, but that hardly qualifies as a console editor.
> I'm not about to blindly edit those files on my primary machine.
> I've alternate hardware for test cases but I'm much more interested
> is safely and conveniently to configure users to work on a
> INTERESTING problem.

It would be interesting to say EDITOR=/usr/bin/pluma visudo --
it just might work. Let us know :-)

Cheers
-- tomás

Attachment: signature.asc
Description: Digital signature