On Sun, 28 Jun 2020 12:16:20 -0700 ToddAndMargo via users wrote: > $ /usr/libexec/nm-ifdown eno2 You have to run "sudo /usr/libexec/nm-ifdown"

Am 28.06.2020 um 21:40 schrieb ToddAndMargo via users: > On 2020-06-28 12:29, Tom Horsley wrote: >> On Sun, 28 Jun 2020 12:16:20 -0700 >> ToddAndMargo via users wrote: >> >>>        $ /usr/libexec/nm-ifdown eno2 >> >> You have to run "sudo /usr/libexec/nm-ifdown" > > > $ sudo /usr/libexec/nm-ifdown eno2 > [sudo] password for todd > > > I am trying to get /etc/sudo.conf to bypass the need > to enter the password prompt man 5 sudoers /NOPASSWD Alexander

On 2020-06-28 12:16, ToddAndMargo via users wrote: > > I am trying to use sudo to work around the following bug > I posted: > > ifdown access denied with USERCTL=yes > https://bugzilla.redhat.com/show_bug.cgi?id=1828100 > > I wish they'd fix the bug, but it does not seems like it > is every going to get any attention. > > So anyway, I fired up `sudovi` and added the following > at the end of /etc/sudo.conf`: > > ## Allows members of the users group to down eno2 > %users ALL=/usr/libexec/nm-ifdown eno2 > > Now when I run it from the command line, I get: > > $ /usr/libexec/nm-ifdown eno2 > Error: failed to load connection: access denied. > > Questions: > > 1) I thought `sudovi` caused sudo to reread sudo.conf > on its exit. Am I mistaken? And if so, how do I > force a reread? > > 2) what is wrong with the syntax of the command I added > to sudo.conf?

Ah ha! This worked: %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2

Then $ sudo /usr/libexec/nm-ifdown eno2 Connection 'eno2' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2) and `sudovi` did cause the re-read as I thought

does sudoedit reload the conf file when it exits?

On 2020-06-28 16:01, Ed Greshko wrote: > On 2020-06-29 06:30, ToddAndMargo via users wrote: >> does sudoedit reload the conf file when it exits? > > The purpose of sudoedit is different than visudo. > > Check the man page for visudo and what it does.  Note that it performs syntax checking and other > things when editing the sudoers file. > Do you know the answer to my original question (reload on exit)?

On 2020-06-28 17:58, Ed Greshko wrote: > I've used plain old vi to edit the /etc/sudoers file and the change take effect immediately. This must have changed in the last few releases.  I always had to use sudovi or reboot.  I never got away with just vi

On 2020-06-28 18:18, Ed Greshko wrote: > On 2020-06-29 09:17, ToddAndMargo via users wrote: >> On 2020-06-28 17:58, Ed Greshko wrote: >>> I've used plain old vi to edit the /etc/sudoers file and the change take effect immediately. >> >> This must have changed in the last few releases.  I always >> had to use sudovi or reboot.  I never got away with just vi >> > > No changes as far as I know.  I've used vi years ago, and I just used it now to confirm. > > I was using RHEL clones for a long time.  Nothing worked real well in them.  Maybe I am remembering then.  Probably so as I dislike sudo and use beesu and su instead most of the time

On 2020-06-28 18:39, Ed Greshko wrote: >> I was using RHEL clones for a long time.  Nothing >> worked real well in them.  Maybe I am remembering >> then.  Probably so as I dislike sudo and use beesu >> and su instead most of the time >> > Well, I just fired up my centos7 and centos8 VM's and both worked fine using just vi. > > beesu is simply a wrapper around su but does give you gui like interface.  I think I used it once a > long time ago. I must be getting old on the sudovi thing.  I remember it being a real pian-in-the-neck.

On 2020-06-28 13:15, Tom H wrote: > On Sun, Jun 28, 2020 at 10:01 PM ToddAndMargo via users > <users(a)lists.fedoraproject.org&gt; wrote: >> On 2020-06-28 12:16, ToddAndMargo via users wrote: >>> >>> I am trying to use sudo to work around the following bug >>> I posted: >>> >>>       ifdown access denied with USERCTL=yes >>>       https://bugzilla.redhat.com/show_bug.cgi?id=1828100 >>> >>> I wish they'd fix the bug, but it does not seems like it >>> is every going to get any attention. >>> >>> So anyway, I fired up `sudovi` and added the following >>> at the end of /etc/sudo.conf`: >>> >>>        ## Allows members of the users group to down eno2 >>>        %users  ALL=/usr/libexec/nm-ifdown eno2 >>> >>> Now when I run it from the command line, I get: >>> >>>        $ /usr/libexec/nm-ifdown eno2 >>>        Error: failed to load connection: access denied. >>> >>> Questions: >>> >>> 1) I thought `sudovi` caused sudo to reread sudo.conf >>>      on its exit.   Am I mistaken?  And if so, how do I >>>      force a reread? >>> >>> 2) what is wrong with the syntax of the command I added >>>      to sudo.conf? > > It's "/etc/sudoers.conf". Hi Tom, Obviously not the right one. $ ls -al /etc/sudo.conf -rw-r--r--. 1 root root 3953 Mar 27 01:50 /etc/sudo.conf $ less /etc/sudu.conf # # Default /etc/sudo.conf file # # Sudo plugins: #   Plugin plugin_name plugin_path plugin_options ... # # The plugin_path is relative to /usr/libexec/sudo unless #   fully qualified. # The plugin_name corresponds to a global symbol in the plugin #   that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so ... > > It's better to add a file, for example "/etc/sudoers.d/ifdown", with > "visudo -f /etc/sudoers.d/ifdown". # ls /etc/sudoers.d pkg-build # grep -i nm-ifdown /etc/sudoers %users  ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2 > > >> Ah ha! This worked: >> >> %users  ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2 > > Better: > > %users ALL=(root) NOPASSWD: /usr/libexec/nm-ifdown I wanted the command to be specific to eno2 >> Then >> >> $ sudo /usr/libexec/nm-ifdown eno2 >> >> Connection 'eno2' successfully deactivated (D-Bus active path: >> /org/freedesktop/NetworkManager/ActiveConnection/2) >> >> >> and `sudovi` did cause the re-read as I thought > > There's no "sudovi". There's "visudo" to edit the configuration and > there's "sudoedit" to edit a file as another user. I commonly will reverse letter. :'( does sudoedit reload the conf file when it exits? Thank you! -T

On 2020-06-28 17:58, jdow wrote: > > > On 20200628 15:30:34, ToddAndMargo via users wrote: >> On 2020-06-28 13:15, Tom H wrote: >>> On Sun, Jun 28, 2020 at 10:01 PM ToddAndMargo via users >>> <users(a)lists.fedoraproject.org&gt; wrote: >>>> On 2020-06-28 12:16, ToddAndMargo via users wrote: >>>>> >>>>> I am trying to use sudo to work around the following bug >>>>> I posted: >>>>> >>>>>       ifdown access denied with USERCTL=yes >>>>>       https://bugzilla.redhat.com/show_bug.cgi?id=1828100 >>>>> >>>>> I wish they'd fix the bug, but it does not seems like it >>>>> is every going to get any attention. >>>>> >>>>> So anyway, I fired up `sudovi` and added the following >>>>> at the end of /etc/sudo.conf`: >>>>> >>>>>        ## Allows members of the users group to down eno2 >>>>>        %users  ALL=/usr/libexec/nm-ifdown eno2 >>>>> >>>>> Now when I run it from the command line, I get: >>>>> >>>>>        $ /usr/libexec/nm-ifdown eno2 >>>>>        Error: failed to load connection: access denied. >>>>> >>>>> Questions: >>>>> >>>>> 1) I thought `sudovi` caused sudo to reread sudo.conf >>>>>      on its exit.   Am I mistaken?  And if so, how do I >>>>>      force a reread? >>>>> >>>>> 2) what is wrong with the syntax of the command I added >>>>>      to sudo.conf? >>> >>> It's "/etc/sudoers.conf". >> >> Hi Tom, >> >> Obviously not the right one. >> >> $ ls -al /etc/sudo.conf >> -rw-r--r--. 1 root root 3953 Mar 27 01:50 /etc/sudo.conf >> >> >> $ less /etc/sudu.conf >> >> # >> # Default /etc/sudo.conf file >> # >> # Sudo plugins: >> #   Plugin plugin_name plugin_path plugin_options ... >> # >> # The plugin_path is relative to /usr/libexec/sudo unless >> #   fully qualified. >> # The plugin_name corresponds to a global symbol in the plugin >> #   that contains the plugin interface structure. >> # The plugin_options are optional. >> # >> # The sudoers plugin is used by default if no Plugin lines are present. >> Plugin sudoers_policy sudoers.so >> Plugin sudoers_io sudoers.so >> ... >> >> >>> >>> It's better to add a file, for example "/etc/sudoers.d/ifdown", with >>> "visudo -f /etc/sudoers.d/ifdown". >> >> >> # ls /etc/sudoers.d >> pkg-build >> >> # grep -i nm-ifdown /etc/sudoers >> %users  ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2 >> >>> >>> >>>> Ah ha! This worked: >>>> >>>> %users  ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2 >>> >>> Better: >>> >>> %users ALL=(root) NOPASSWD: /usr/libexec/nm-ifdown >> >> I wanted the command to be specific to eno2 >> >>>> Then >>>> >>>> $ sudo /usr/libexec/nm-ifdown eno2 >>>> >>>> Connection 'eno2' successfully deactivated (D-Bus active path: >>>> /org/freedesktop/NetworkManager/ActiveConnection/2) >>>> >>>> >>>> and `sudovi` did cause the re-read as I thought >>> >>> There's no "sudovi". There's "visudo" to edit the configuration and >>> there's "sudoedit" to edit a file as another user. >> >> I commonly will reverse letter. >> >> :'( >> >> does sudoedit reload the conf file when it exits? >> >> Thank you! >> >> -T > > May I suggest creating a two line script file? > > Name it "eno2down" > > #!/bin/bash > /usr/libexec/nm-ifdown eno2 > > > Then your sudo command can be "sudo eno2down". > > Store it in /usr/local/bin for everybody. > > {^_^}   Joanne Hi Joanne, I am ahead of you on that one:     $ StartStopEth1     Usage: ./StartStopEth1 {start|stop|status}      (case sensitive) It is 145 lines long! I am currently switching all my bash programs over to Raku (perl 6).   Got some humdingers too! -T

On 2020-06-28 13:15, Tom H wrote: > On Sun, Jun 28, 2020 at 10:01 PM ToddAndMargo via users > <users(a)lists.fedoraproject.org&gt; wrote: >> On 2020-06-28 12:16, ToddAndMargo via users wrote:

>>> I am trying to use sudo to work around the following bug >>> I posted: >>> >>> ifdown access denied with USERCTL=yes >>> https://bugzilla.redhat.com/show_bug.cgi?id=1828100 >>> >>> I wish they'd fix the bug, but it does not seems like it >>> is every going to get any attention. >>> >>> So anyway, I fired up `sudovi` and added the following >>> at the end of /etc/sudo.conf`: >>> >>> ## Allows members of the users group to down eno2 >>> %users ALL=/usr/libexec/nm-ifdown eno2 >>> >>> Now when I run it from the command line, I get: >>> >>> $ /usr/libexec/nm-ifdown eno2 >>> Error: failed to load connection: access denied. >>> >>> Questions: >>> >>> 1) I thought `sudovi` caused sudo to reread sudo.conf >>> on its exit. Am I mistaken? And if so, how do I >>> force a reread? >>> >>> 2) what is wrong with the syntax of the command I added >>> to sudo.conf? > > It's "/etc/sudoers.conf". Obviously not the right one.

$ ls -al /etc/sudo.conf -rw-r--r--. 1 root root 3953 Mar 27 01:50 /etc/sudo.conf $ less /etc/sudu.conf # # Default /etc/sudo.conf file # # Sudo plugins: # Plugin plugin_name plugin_path plugin_options ... # # The plugin_path is relative to /usr/libexec/sudo unless # fully qualified. # The plugin_name corresponds to a global symbol in the plugin # that contains the plugin interface structure. # The plugin_options are optional. # # The sudoers plugin is used by default if no Plugin lines are present. Plugin sudoers_policy sudoers.so Plugin sudoers_io sudoers.so

> It's better to add a file, for example "/etc/sudoers.d/ifdown", with > "visudo -f /etc/sudoers.d/ifdown". # ls /etc/sudoers.d pkg-build # grep -i nm-ifdown /etc/sudoers %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2

>> Ah ha! This worked: >> >> %users ALL= NOPASSWD: /usr/libexec/nm-ifdown eno2 > > Better: > > %users ALL=(root) NOPASSWD: /usr/libexec/nm-ifdown I wanted the command to be specific to eno2 >> >> Then >> >> $ sudo /usr/libexec/nm-ifdown eno2 >> >> Connection 'eno2' successfully deactivated (D-Bus active path: >> /org/freedesktop/NetworkManager/ActiveConnection/2) >> >> >> and `sudovi` did cause the re-read as I thought > > There's no "sudovi". There's "visudo" to edit the configuration and > there's "sudoedit" to edit a file as another user. I commonly will reverse letter. :'( does sudoedit reload the conf file when it exits?