![]() But if you're going to do it, this is one of the less unsafe ways of doing it. Whether it's a good idea to do this or not is debatable. On this page there is a discussion on the sudoers file, but I don't quite understand the references to visudo -c -f I think what is being suggested there is: copy the sudoers file, then make changes to that copy, then visudo -c -f to check that the new file is valid, then overwrite sudoers, then chmod 440 on that new file, is that it? I'm not sure of the steps to implement this.I am most interested in how to do with this with standard Linux tools that I can put into a bash script, but I would be very interested to also see how this exact operation is done in Ansible so that I could roll out simple changes like this to all sudoers files on my home network. ![]() I understand that this is dangerous, I understand why it is protected, but these are my home systems where I have a script that runs through dozens of simple configuration changes (and I rebuild those systems fairly regularly also, so it would be useful to me to be able to automate this).I have read that chmod 440 might be important for this. How can I add ,timestamp_timeout=600 to the end of the Defaults env_reset line in my sudoers files (to increase the sudo nag time to 10 hours), and doing this programmatically and without destroying the system (I tried this once and made my Linux system unbootable and had to reinstall).What is the correct way to update the sudoers file programmatically? Specifically: ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |