I have just installed using the artix-cinnamon-runit-20200110-x86_64.iso
I noticed that as user, I was able to sudo, even though this should not be allowed based on the contents of /etc/sudoers
The only uncommented line in /etc/sudoers is
root ALL=(ALL) ALL
yet:
$ cd /etc/
$ sudo touch a
[sudo] password for artiong:
$ ls -lt a
-rw-r--r-- 1 root root 0 Jan 16 07:11 a
How can this be fixed? I don't want my particular user to be able to sudo. I will be the one doing the updates and maintenance.
Yeah that definitely shouldn't be possible. Could you post the output of "groups artiong"? Maybe there will be a clue in there somewhere.
I sure will but it will be awhile. Work is getting in the way of a good time! I did do
and I didn't see anything weird there. Maybe tomorrow morning before I can post.
Here is the output you requested:
# groups artiong
log network scanner power users wheel optical lp storage video artiong
I can't think of anything I might of done to cause this. The only thing I can even think to mention is that during the install process I took the option to use a different password for root. I literally just installed yesterday morning before work and I didn't do any tweaking under the hood. Didn't have time to!
Maybe the GUI installer automatically installs sudo with the wheel group uncommented (I've only ever done the base installation) and you just didn't notice that it was uncommented in the file? Kind of dumb I know, but it's the only guess I've got right now.
I sure wish that were the case.
# show_uncommented_lines /etc/sudoers
root ALL=(ALL) ALL
% cat bin/show_uncommented_lines
#!/bin/sh
for stuff in "$@"
do
grep -v '^ *#' "$stuff" | grep -v "^$"
done
Let me know if you think of anything I can try on my side. I would be happy to help.
Got anything in /etc/sudoers.d ? :o
Your user is member of the wheel group, this is automatically set by the Calamares installer for the
first user configured at installation. You can either remove your account from wheel or delete/comment out the %wheel line from
/etc/sudoers.d/g_wheel (not recommended).
Please, mark this topic as [SOLVED] by editing the opening post and clicking the green 'SOLVE TOPIC' below, if it's actually solved.
Well shoot I never have seen that directory used before. I do now see it in man 5 sudoers which I should've read earlier. Thanks for the great explanation.