On Mon, Jun 29, 2020 at 12:30 AM ToddAndMargo via users
<users(a)lists.fedoraproject.org> wrote:
On 2020-06-28 13:15, Tom H wrote:
> On Sun, Jun 28, 2020 at 10:01 PM ToddAndMargo via users
> <users(a)lists.fedoraproject.org> wrote:
>> On 2020-06-28 12:16, ToddAndMargo via users wrote:
>>> I am trying to use sudo to work around the following bug
>>> I posted:
>>>
>>> ifdown access denied with USERCTL=yes
>>>
https://bugzilla.redhat.com/show_bug.cgi?id=1828100
>>>
>>> I wish they'd fix the bug, but it does not seems like it
>>> is every going to get any attention.
>>>
>>> So anyway, I fired up `sudovi` and added the following
>>> at the end of /etc/sudo.conf`:
>>>
>>> ## Allows members of the users group to down eno2
>>> %users ALL=/usr/libexec/nm-ifdown eno2
>>>
>>> Now when I run it from the command line, I get:
>>>
>>> $ /usr/libexec/nm-ifdown eno2
>>> Error: failed to load connection: access denied.
>>>
>>> Questions:
>>>
>>> 1) I thought `sudovi` caused sudo to reread sudo.conf
>>> on its exit. Am I mistaken? And if so, how do I
>>> force a reread?
>>>
>>> 2) what is wrong with the syntax of the command I added
>>> to sudo.conf?
>
> It's "/etc/sudoers.conf".
Obviously not the right one.
Sorry. "/etc/sudoers".
$ ls -al /etc/sudo.conf
-rw-r--r--. 1 root root 3953 Mar 27 01:50 /etc/sudo.conf
$ less /etc/sudu.conf
#
# Default /etc/sudo.conf file
#
# Sudo plugins:
# Plugin plugin_name plugin_path plugin_options ...
#
# The plugin_path is relative to /usr/libexec/sudo unless
# fully qualified.
# The plugin_name corresponds to a global symbol in the plugin
# that contains the plugin interface structure.
# The plugin_options are optional.
#
# The sudoers plugin is used by default if no Plugin lines are present.
Plugin sudoers_policy sudoers.so
Plugin sudoers_io sudoers.so
This file isn't for setting up sudo privileges.
> It's better to add a file, for example
"/etc/sudoers.d/ifdown", with
> "visudo -f /etc/sudoers.d/ifdown".
# ls /etc/sudoers.d
pkg-build
# grep -i nm-ifdown /etc/sudoers
%users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2
Sure. But you'll have an rpmnew or an rpmsave file at the next sudo update.
>> Ah ha! This worked:
>>
>> %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2
>
> Better:
>
> %users ALL=(root) NOPASSWD: /usr/libexec/nm-ifdown
I wanted the command to be specific to eno2
>>
>> Then
>>
>> $ sudo /usr/libexec/nm-ifdown eno2
>>
>> Connection 'eno2' successfully deactivated (D-Bus active path:
>> /org/freedesktop/NetworkManager/ActiveConnection/2)
>>
>>
>> and `sudovi` did cause the re-read as I thought
>
> There's no "sudovi". There's "visudo" to edit the
configuration and
> there's "sudoedit" to edit a file as another user.
I commonly will reverse letter.
:'(
does sudoedit reload the conf file when it exits?
There's no reload. The changes are effective immediately.