Hi guys
I have a little problem here; trying to run sudo ip and sudo iptables and have it ask no password. But I cannot do it…
This is my /etc/sudoers file
#root ALL=(ALL) ALL
spiros ALL=(ALL) ALL
spiros ALL=(ALL) NOPASSWD: /usr/bin/ip,/usr/bin/iptables
@includedir /etc/sudoers.d
Waht am I doing wrong?
Thanks!
This one worked just fine!
Can I restrict this behaviour to just two commands (ip and iptables)?
Try simple:
spiros ALL = (root) NOPASSWD: /usr/bin/ip
spiros ALL = (root) NOPASSWD: /usr/bin/iptables
See: sudoers(5) — sudo-ldap — Debian buster — Debian Manpages or man sudoers (section Examples)
Also make sure to start a new session for the changes of the configuration to take effect.
You can at any point check what config is currently applied with sudo -l
I have reverted the changes previously done (in /etc/sudoers.d/01-skip_auth and /etc/polkit-1/rules.d/49-nopasswd_global.rules) and applied the NOPPASSWD: COMMAD ones.
This is what I get:
$ sudo -l
Runas and Command-specific defaults for spiros:
Defaults!/etc/ctdb/statd-callout !requiretty
User spiros may run the following commands on XXXX:
(ALL) NOPASSWD: /usr/bin/ip
(ALL) NOPASSWD: /usr/bin/iptables
(ALL) ALL
$ sudo iptables -L -nv --line-numbers
[sudo] password for spiros:
I did not just started a new session, I rebooted, but no joy…
Does which iptables give the same as what you have put in there?
This part looks suspicious to me also:
I would remove the ALL=(ALL) ALL part, because that is being applied before the next line…
@FadeMind
I stand corrected, its been a while since i did any sudo config…
Looking at the man page and that screenshot: Looks like @sng forgot to place spaces around the = char…
Hell now my brains are totally fried 
/me goes to play a game to reset
Ok, done. The screenshot made all the difference!
This is what I have now:
$ sudo -l
Matching Defaults entries for spiros on home:
env_reset
Runas and Command-specific defaults for spiros:
Defaults!/etc/ctdb/statd-callout !requiretty
User spiros may run the following commands on home:
(ALL) ALL
(root) NOPASSWD: /usr/bin/iptables
(root) NOPASSWD: /usr/bin/ip
The (ALL) ALL was previously included by /etc/sudoers.d/10-installer.
So, I moved the includedir at the top of /etc/sudoers.
File: /etc/sudoers
Defaults env_reset
@includedir /etc/sudoers.d
spiros ALL=(root) NOPASSWD: /usr/bin/iptables
spiros ALL=(root) NOPASSWD: /usr/bin/ip
File: /etc/sudoers.d/10-installer
%wheel ALL=(ALL) ALL
spiros is member of wheel
File: /etc/sudoers.d/ctdb
Defaults!/etc/ctdb/statd-callout !requiretty
rpcuser ALL=(ALL) NOPASSWD: /etc/ctdb/statd-callout
Thank you all very much.
There was no way I could do it without your help (well, not before 2021-2022, that is 
)
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.