[SOLVED] user can sudo contrary to /etc/sudoers

Topic: [SOLVED] user can sudo contrary to /etc/sudoers (Read 1790 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

[SOLVED] user can sudo contrary to /etc/sudoers

16 January 2020, 14:25:00

I have just installed using the artix-cinnamon-runit-20200110-x86_64.iso

I noticed that as user, I was able to sudo, even though this should not be allowed based on the contents of /etc/sudoers

The only uncommented line in /etc/sudoers is

Code: [Select]

root ALL=(ALL) ALL

yet:

Code: [Select]

$ cd /etc/
$ sudo touch a
[sudo] password for artiong: 
$ ls -lt a
-rw-r--r-- 1 root root 0 Jan 16 07:11 a

How can this be fixed? I don't want my particular user to be able to sudo. I will be the one doing the updates and maintenance.

Re: user can sudo contrary to /etc/sudoers

Reply #1 – 16 January 2020, 15:31:59

Yeah that definitely shouldn't be possible. Could you post the output of "groups artiong"? Maybe there will be a clue in there somewhere.

Re: user can sudo contrary to /etc/sudoers

Reply #2 – 16 January 2020, 16:18:13

I sure will but it will be awhile. Work is getting in the way of a good time! I did do

Quote

# id artiong

and I didn't see anything weird there. Maybe tomorrow morning before I can post.

Re: user can sudo contrary to /etc/sudoers

Reply #3 – 17 January 2020, 13:46:00

Here is the output you requested:

Code: [Select]

# groups artiong
log network scanner power users wheel optical lp storage video artiong

I can't think of anything I might of done to cause this. The only thing I can even think to mention is that during the install process I took the option to use a different password for root. I literally just installed yesterday morning before work and I didn't do any tweaking under the hood. Didn't have time to!

Re: user can sudo contrary to /etc/sudoers

Reply #4 – 17 January 2020, 14:58:09

Maybe the GUI installer automatically installs sudo with the wheel group uncommented (I've only ever done the base installation) and you just didn't notice that it was uncommented in the file? Kind of dumb I know, but it's the only guess I've got right now.

Re: user can sudo contrary to /etc/sudoers

Reply #5 – 17 January 2020, 16:16:16

I sure wish that were the case.

Code: [Select]

# show_uncommented_lines /etc/sudoers
root ALL=(ALL) ALL

Code: [Select]

% cat bin/show_uncommented_lines
#!/bin/sh
for stuff in "$@"
do
  grep -v '^ *#' "$stuff" | grep -v "^$"
done

Let me know if you think of anything I can try on my side. I would be happy to help.

Re: user can sudo contrary to /etc/sudoers

Reply #6 – 17 January 2020, 21:02:02

Got anything in /etc/sudoers.d ?

Re: user can sudo contrary to /etc/sudoers

Reply #7 – 17 January 2020, 22:59:05

Quote from: artiong – on 17 January 2020, 13:46:00

Code: [Select]

# groups artiong
log network scanner power users wheel optical lp storage video artiong

Your user is member of the wheel group, this is automatically set by the Calamares installer for the first user configured at installation. You can either remove your account from wheel or delete/comment out the %wheel line from /etc/sudoers.d/g_wheel (not recommended).
Please, mark this topic as [SOLVED] by editing the opening post and clicking the green 'SOLVE TOPIC' below, if it's actually solved.

Re: user can sudo contrary to /etc/sudoers

Reply #8 – 18 January 2020, 01:45:38

Well shoot I never have seen that directory used before. I do now see it in man 5 sudoers which I should've read earlier. Thanks for the great explanation.