On Mon, Jun 29, 2020 at 12:30 AM ToddAndMargo via users
<users(a)lists.fedoraproject.org> wrote:
> On 2020-06-28 13:15, Tom H wrote:
>> On Sun, Jun 28, 2020 at 10:01 PM ToddAndMargo via users
>> <users(a)lists.fedoraproject.org> wrote:
>>> On 2020-06-28 12:16, ToddAndMargo via users wrote:
>>>> I am trying to use sudo to work around the following bug
>>>> I posted:
>>>>
>>>> ifdown access denied with USERCTL=yes
>>>>
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1828100
>>>>
>>>> I wish they'd fix the bug, but it does not seem like it
>>>> is ever going to get any attention.
>>>>
>>>> So anyway, I fired up `sudovi` and added the following
>>>> at the end of `/etc/sudo.conf`:
>>>>
>>>> ## Allows members of the users group to down eno2
>>>> %users ALL=/usr/libexec/nm-ifdown eno2
>>>>
>>>> Now when I run it from the command line, I get:
>>>>
>>>> $ /usr/libexec/nm-ifdown eno2
>>>> Error: failed to load connection: access denied.
>>>>
>>>> Questions:
>>>>
>>>> 1) I thought `sudovi` caused sudo to reread sudo.conf
>>>> on its exit. Am I mistaken? And if so, how do I
>>>> force a reread?
>>>>
>>>> 2) what is wrong with the syntax of the command I added
>>>> to sudo.conf?
>>
>> It's "/etc/sudoers.conf".
>
> Obviously not the right one.
Sorry. "/etc/sudoers".
> $ ls -al /etc/sudo.conf
> -rw-r--r--. 1 root root 3953 Mar 27 01:50 /etc/sudo.conf
>
> $ less /etc/sudu.conf
>
> #
> # Default /etc/sudo.conf file
> #
> # Sudo plugins:
> # Plugin plugin_name plugin_path plugin_options ...
> #
> # The plugin_path is relative to /usr/libexec/sudo unless
> # fully qualified.
> # The plugin_name corresponds to a global symbol in the plugin
> # that contains the plugin interface structure.
> # The plugin_options are optional.
> #
> # The sudoers plugin is used by default if no Plugin lines are present.
> Plugin sudoers_policy sudoers.so
> Plugin sudoers_io sudoers.so
This file isn't for setting up sudo privileges.
>> It's better to add a file, for example "/etc/sudoers.d/ifdown", with
>> "visudo -f /etc/sudoers.d/ifdown".
>
> # ls /etc/sudoers.d
> pkg-build
>
> # grep -i nm-ifdown /etc/sudoers
> %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2
Sure. But you'll have an rpmnew or an rpmsave file at the next sudo update.
>>> Ah ha! This worked:
>>>
>>> %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2
>>
>> Better:
>>
>> %users ALL=(root) NOPASSWD: /usr/libexec/nm-ifdown
>
> I wanted the command to be specific to eno2
>>>
>>> Then
>>>
>>> $ sudo /usr/libexec/nm-ifdown eno2
>>>
>>> Connection 'eno2' successfully deactivated (D-Bus active path:
>>> /org/freedesktop/NetworkManager/ActiveConnection/2)
>>>
>>>
>>> and `sudovi` did cause the re-read as I thought
>>
>> There's no "sudovi". There's "visudo" to edit the configuration and
>> there's "sudoedit" to edit a file as another user.
>
> I commonly will reverse letters.
>
> :'(
>
> does sudoedit reload the conf file when it exits?
There's no reload. The changes are effective immediately.
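
Added example, not part of the original thread: one way to script the drop-in approach suggested above, so that a rule is syntax-checked with `visudo -c -f` before it ever lands in the include directory. The function name `install_sudoers_dropin` and its return codes are assumptions made for this sketch; the rule and the file name `ifdown` are the ones quoted in the thread.

```shell
#!/bin/sh
# Install one sudoers rule as a drop-in file instead of editing /etc/sudoers.
# Usage (as root): install_sudoers_dropin RULE NAME [DIR]
#   e.g. install_sudoers_dropin \
#        '%users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2' ifdown
# DIR defaults to /etc/sudoers.d; a scratch directory can be passed for a dry run.
install_sudoers_dropin() {
    rule=$1 name=$2 dir=${3:-/etc/sudoers.d}

    # sudo skips drop-in files whose name contains '.' or ends in '~',
    # so such a file would be silently ignored.
    case $name in
        ''|*.*|*~|*/*) echo "bad drop-in name: $name" >&2; return 1 ;;
    esac
    command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 2; }

    # Stage outside the include directory so sudo never reads a half-written file.
    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"

    # visudo -c -f parses only the staged file; a syntax error stops here.
    if ! visudo -c -f "$tmp" >/dev/null 2>&1; then
        echo "syntax error, nothing installed" >&2
        rm -f "$tmp"
        return 3
    fi

    # When run as root the staged file is already root-owned, as sudo requires.
    mv -f "$tmp" "$dir/$name"
}
```

Because the rule keeps the `eno2` argument, sudo matches only that exact command line; the same path with any other argument is refused.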