simple sudoers question(s)

[scacinto]

Hi All,
I'm attempting to change some file permissions for backup purposes so that a non-admin account on my computer can write to a certain file. I have several questions if someone has the time.

1) How do I find out group names and user names for the purpose of adding them to the sudoers file. (I'm accessing the sudoers file using

sudo vi sudoers

from my admin account because I can't access the file from the non-admin user account, obviously because it needs to be edited with sudo, which it can't do) Problem is, I can't access root from the non-admin user account.


2) anyone know why I can't 'su' as a non-admin user? I though root was universal as long as the passwd was correct, but I can only su from my admin account.

I suppose anwers to these questions should let me accomplish what I need to... unless you're having fun with this stuff and would like to give me a blow-by-blow "how to"... which wouldn't hurt ; D

thanks much

-S

 

[spb]

I don't know the command line solution to this... but you can fix the su problem by opening System Preferences --> Accounts. Select a user, and the Security tab. Click the box at the bottom "Allow user to administer this computer."

 

[scacinto]

hmmmm. I'm still not sure what the deal is. Does a user have to have admin privileges in order to su from the command line? I'm not sure as I've never had to deal with this before. It certainly makes doing anything from that account much more difficult.

I got all the permissions stuff fixed, by the way, just read the man page. waddya gonna do?

anyone with info about the "su" issue should definitely chime in... unless you're chicken-chicken.

I'll post if'n'when I find out... unless someone beats me to it.

 

[spb]

I believe that in some GNU/Linux distribution (such as Ubuntu), you have to be a member of the admin group to use sudo.

I've not administered a Linux machine in 10 months so this might be outdated information. :7)

 

[lurk]

The source of confusion here is su does not equal sudo. They are different.

su - This one is Switch User it switches to a new user and you can use it to become anyone not only root. The password you use is the password of the "switched to" user. So for root you use root's password.

sudo - This one is Super-User-Do and is used for a trusted user to execute something as root. This command captures the idea of "I trust Bob to delete print jobs as if he were root." In this case you have to give the trusted user's password and not roots.

One cool thing is that with sudo you can limit what sorts of root things you allow that person to do. For instance, at my old school the people in the lab could sudo to kill runaway print jobs, something that normally could not be done as a mere mortal. But these people could not use that rootness to read people's mail.

By default on your mac root does not have a password so you cannot use su to become root; however, and administrator can used sudo -s to the same effect. If root did have a password then any user who knew the password, administrator or not, could su to root at anytime.

Instead the security model is that "administrators" are users added to the list of users who can sudo and do anything. That is the fundamental result of checking the "this user can admin this machine" box. Normal users cannot do so.

hmmmm. I'm still not sure what the deal is. Does a user have to have admin privileges in order to su from the command line? I'm not sure as I've never had to deal with this before. It certainly makes doing anything from that account much more difficult.

Which is kind of the point, at least for dangerous stuff. Given what I said above you could most likely su to an admin user and then use sudo to do your root stuff, with only one extra step.