Understanding sudoers:
up vote
3
down vote
favorite
I have a Unix script which creates a temporary log file, say tempfl.log.
When this file is created it has permission rw-r--r--.
There is a line
chmod 0440 /etc/sudoers tempfl.log 2>&1
But when the script is done the permission changes to r--r--r-- but it should be rw-r--r--. If I change the line to
chmod 0644 /etc/sudoers tempfl.log
The permissions are right for tempfl.log but it throws errors saying:
sudo: /usr/local/etc/sudoers is mode 0644, should be 0440
I do not understand what sudoers is doing and what is wrong.
shell sudo chmod
edited Nov 27 at 22:09
Michael Prokopec
68916
asked Sep 1 '10 at 4:19
randeepsp
1235
migrated from stackoverflow.com Dec 5 '11 at 21:26
This question came from our site for professional and enthusiast programmers.
add a comment |
up vote
3
down vote
favorite
I have a Unix script which creates a temporary log file, say tempfl.log.
When this file is created it has permission rw-r--r--.
There is a line
chmod 0440 /etc/sudoers tempfl.log 2>&1
But when the script is done the permission changes to r--r--r-- but it should be rw-r--r--. If I change the line to
chmod 0644 /etc/sudoers tempfl.log
The permissions are right for tempfl.log but it throws errors saying:
sudo: /usr/local/etc/sudoers is mode 0644, should be 0440
I do not understand what sudoers is doing and what is wrong.
shell sudo chmod
edited Nov 27 at 22:09
Michael Prokopec
68916
asked Sep 1 '10 at 4:19
randeepsp
1235
migrated from stackoverflow.com Dec 5 '11 at 21:26
This question came from our site for professional and enthusiast programmers.
thanks for the responses. what i understand is that, the command chmod 0440 /etc/sudoers tempfl.log 2>&1 is changing the file permisssion for both sudoers and templ.log to 440 but what i want is that the file templ.log should have the permission 644. is my understanding right ? so the solution to my problem is chmod 0440 /etc/sudoers tempfl.log 2>&1 chmod 644 tempfl.log Please let me know if these 2 commands are going to create any error.
– randeepsp
Sep 1 '10 at 4:36
2
I would just remove the /etc/sudoers from the command, you shouldn't ever have to change the permission of that file. If for some reason you needed to modify it, then you would just have two chmod commands.
– Drew Frezell
Sep 1 '10 at 4:56
add a comment |
up vote
3
down vote
favorite
up vote
3
down vote
favorite
I have a Unix script which creates a temporary log file, say tempfl.log.
When this file is created it has permission rw-r--r--.
There is a line
chmod 0440 /etc/sudoers tempfl.log 2>&1
But when the script is done the permission changes to r--r--r-- but it should be rw-r--r--. If I change the line to
chmod 0644 /etc/sudoers tempfl.log
The permissions are right for tempfl.log but it throws errors saying:
sudo: /usr/local/etc/sudoers is mode 0644, should be 0440
I do not understand what sudoers is doing and what is wrong.
shell sudo chmod
edited Nov 27 at 22:09
Michael Prokopec
68916
asked Sep 1 '10 at 4:19
randeepsp
1235
I have a Unix script which creates a temporary log file, say tempfl.log.
When this file is created it has permission rw-r--r--.
There is a line
chmod 0440 /etc/sudoers tempfl.log 2>&1
But when the script is done the permission changes to r--r--r-- but it should be rw-r--r--. If I change the line to
chmod 0644 /etc/sudoers tempfl.log
The permissions are right for tempfl.log but it throws errors saying:
sudo: /usr/local/etc/sudoers is mode 0644, should be 0440
I do not understand what sudoers is doing and what is wrong.
shell sudo chmod
shell sudo chmod
edited Nov 27 at 22:09
Michael Prokopec
68916
asked Sep 1 '10 at 4:19
randeepsp
1235
edited Nov 27 at 22:09
Michael Prokopec
68916
asked Sep 1 '10 at 4:19
randeepsp
1235
edited Nov 27 at 22:09
Michael Prokopec
68916
edited Nov 27 at 22:09
Michael Prokopec
68916
edited Nov 27 at 22:09
Michael Prokopec
68916
68916
asked Sep 1 '10 at 4:19
randeepsp
1235
asked Sep 1 '10 at 4:19
randeepsp
1235
asked Sep 1 '10 at 4:19
randeepsp
1235
1235
migrated from stackoverflow.com Dec 5 '11 at 21:26
This question came from our site for professional and enthusiast programmers.
migrated from stackoverflow.com Dec 5 '11 at 21:26
This question came from our site for professional and enthusiast programmers.
thanks for the responses. what i understand is that, the command chmod 0440 /etc/sudoers tempfl.log 2>&1 is changing the file permisssion for both sudoers and templ.log to 440 but what i want is that the file templ.log should have the permission 644. is my understanding right ? so the solution to my problem is chmod 0440 /etc/sudoers tempfl.log 2>&1 chmod 644 tempfl.log Please let me know if these 2 commands are going to create any error.
– randeepsp
Sep 1 '10 at 4:36
2
I would just remove the /etc/sudoers from the command, you shouldn't ever have to change the permission of that file. If for some reason you needed to modify it, then you would just have two chmod commands.
– Drew Frezell
Sep 1 '10 at 4:56
add a comment |
thanks for the responses. what i understand is that, the command chmod 0440 /etc/sudoers tempfl.log 2>&1 is changing the file permisssion for both sudoers and templ.log to 440 but what i want is that the file templ.log should have the permission 644. is my understanding right ? so the solution to my problem is chmod 0440 /etc/sudoers tempfl.log 2>&1 chmod 644 tempfl.log Please let me know if these 2 commands are going to create any error.
– randeepsp
Sep 1 '10 at 4:36
2
I would just remove the /etc/sudoers from the command, you shouldn't ever have to change the permission of that file. If for some reason you needed to modify it, then you would just have two chmod commands.
– Drew Frezell
Sep 1 '10 at 4:56
thanks for the responses. what i understand is that, the command chmod 0440 /etc/sudoers tempfl.log 2>&1 is changing the file permisssion for both sudoers and templ.log to 440 but what i want is that the file templ.log should have the permission 644. is my understanding right ? so the solution to my problem is chmod 0440 /etc/sudoers tempfl.log 2>&1 chmod 644 tempfl.log Please let me know if these 2 commands are going to create any error.
– randeepsp
Sep 1 '10 at 4:36
thanks for the responses. what i understand is that, the command chmod 0440 /etc/sudoers tempfl.log 2>&1 is changing the file permisssion for both sudoers and templ.log to 440 but what i want is that the file templ.log should have the permission 644. is my understanding right ? so the solution to my problem is chmod 0440 /etc/sudoers tempfl.log 2>&1 chmod 644 tempfl.log Please let me know if these 2 commands are going to create any error.
– randeepsp
Sep 1 '10 at 4:36
2
2
I would just remove the /etc/sudoers from the command, you shouldn't ever have to change the permission of that file. If for some reason you needed to modify it, then you would just have two chmod commands.
– Drew Frezell
Sep 1 '10 at 4:56
I would just remove the /etc/sudoers from the command, you shouldn't ever have to change the permission of that file. If for some reason you needed to modify it, then you would just have two chmod commands.
– Drew Frezell
Sep 1 '10 at 4:56
add a comment |
3 Answers
3
active
oldest
votes
up vote
2
down vote
accepted
Your script is changing the permission of 2 files, /etc/sudoers and tempfl.log. Split the command in two lines and you should be fine.
please have a look at the comment i added.
– randeepsp
Sep 1 '10 at 4:37
add a comment |
up vote
5
down vote
Your script is doing exactly what you're telling it to do:
chmod 0440 /etc/sudoers tempfl.log
will apply r--r----- to both of those files.
You really shouldn't be fiddling around with the sudoers file unless you're writing admin scripts and, even then, the permissions should be left alone since that helps secure your system. The sudo program itself checks the permissions of its configuration file and warns you (as you've seen). Listen to it. It obviously knows better than you :-)
Are you sure you aren't just trying to run certain parts of your script under sudo, as in:
sudo chmod 0440 tempfl.log 2>&1
If not, and you really want to modify both files (but with different permissions, use two separate commands:
chmod 0440 /etc/sudoers 2>&1
chmod 0644 tempfl.log 2>&1
ya, im sure of it.
– randeepsp
Sep 1 '10 at 5:53
add a comment |
up vote
1
down vote
When you write chmod 0440 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0440, which is wrong.
When you write chmod 0644 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0644, which is wrong.
Do you need to change permissions on /etc/sudoers at all? Did you actually want to write chmod 0644 tempfl.log?
answered Sep 1 '10 at 4:25
hobbs
40338
Agree, there is not a practical need I can think of to change the permissions of/etc/sudoers.
– wuputah
Sep 1 '10 at 4:29
3
Nothing should touch/etc/sudoersat all besidesvisudo.
– hobbs
Sep 1 '10 at 4:36
add a comment |
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
accepted
Your script is changing the permission of 2 files, /etc/sudoers and tempfl.log. Split the command in two lines and you should be fine.
please have a look at the comment i added.
– randeepsp
Sep 1 '10 at 4:37
add a comment |
up vote
2
down vote
accepted
Your script is changing the permission of 2 files, /etc/sudoers and tempfl.log. Split the command in two lines and you should be fine.
please have a look at the comment i added.
– randeepsp
Sep 1 '10 at 4:37
add a comment |
up vote
2
down vote
accepted
up vote
2
down vote
accepted
Your script is changing the permission of 2 files, /etc/sudoers and tempfl.log. Split the command in two lines and you should be fine.
Your script is changing the permission of 2 files, /etc/sudoers and tempfl.log. Split the command in two lines and you should be fine.
answered Sep 1 '10 at 4:31
Drew Frezell
please have a look at the comment i added.
– randeepsp
Sep 1 '10 at 4:37
add a comment |
please have a look at the comment i added.
– randeepsp
Sep 1 '10 at 4:37
please have a look at the comment i added.
– randeepsp
Sep 1 '10 at 4:37
please have a look at the comment i added.
– randeepsp
Sep 1 '10 at 4:37
add a comment |
up vote
5
down vote
Your script is doing exactly what you're telling it to do:
chmod 0440 /etc/sudoers tempfl.log
will apply r--r----- to both of those files.
You really shouldn't be fiddling around with the sudoers file unless you're writing admin scripts and, even then, the permissions should be left alone since that helps secure your system. The sudo program itself checks the permissions of its configuration file and warns you (as you've seen). Listen to it. It obviously knows better than you :-)
Are you sure you aren't just trying to run certain parts of your script under sudo, as in:
sudo chmod 0440 tempfl.log 2>&1
If not, and you really want to modify both files (but with different permissions, use two separate commands:
chmod 0440 /etc/sudoers 2>&1
chmod 0644 tempfl.log 2>&1
ya, im sure of it.
– randeepsp
Sep 1 '10 at 5:53
add a comment |
up vote
5
down vote
Your script is doing exactly what you're telling it to do:
chmod 0440 /etc/sudoers tempfl.log
will apply r--r----- to both of those files.
You really shouldn't be fiddling around with the sudoers file unless you're writing admin scripts and, even then, the permissions should be left alone since that helps secure your system. The sudo program itself checks the permissions of its configuration file and warns you (as you've seen). Listen to it. It obviously knows better than you :-)
Are you sure you aren't just trying to run certain parts of your script under sudo, as in:
sudo chmod 0440 tempfl.log 2>&1
If not, and you really want to modify both files (but with different permissions, use two separate commands:
chmod 0440 /etc/sudoers 2>&1
chmod 0644 tempfl.log 2>&1
ya, im sure of it.
– randeepsp
Sep 1 '10 at 5:53
add a comment |
up vote
5
down vote
up vote
5
down vote
Your script is doing exactly what you're telling it to do:
chmod 0440 /etc/sudoers tempfl.log
will apply r--r----- to both of those files.
You really shouldn't be fiddling around with the sudoers file unless you're writing admin scripts and, even then, the permissions should be left alone since that helps secure your system. The sudo program itself checks the permissions of its configuration file and warns you (as you've seen). Listen to it. It obviously knows better than you :-)
Are you sure you aren't just trying to run certain parts of your script under sudo, as in:
sudo chmod 0440 tempfl.log 2>&1
If not, and you really want to modify both files (but with different permissions, use two separate commands:
chmod 0440 /etc/sudoers 2>&1
chmod 0644 tempfl.log 2>&1
Your script is doing exactly what you're telling it to do:
chmod 0440 /etc/sudoers tempfl.log
will apply r--r----- to both of those files.
You really shouldn't be fiddling around with the sudoers file unless you're writing admin scripts and, even then, the permissions should be left alone since that helps secure your system. The sudo program itself checks the permissions of its configuration file and warns you (as you've seen). Listen to it. It obviously knows better than you :-)
Are you sure you aren't just trying to run certain parts of your script under sudo, as in:
sudo chmod 0440 tempfl.log 2>&1
If not, and you really want to modify both files (but with different permissions, use two separate commands:
chmod 0440 /etc/sudoers 2>&1
chmod 0644 tempfl.log 2>&1
answered Sep 1 '10 at 4:31
user14408
ya, im sure of it.
– randeepsp
Sep 1 '10 at 5:53
add a comment |
ya, im sure of it.
– randeepsp
Sep 1 '10 at 5:53
ya, im sure of it.
– randeepsp
Sep 1 '10 at 5:53
ya, im sure of it.
– randeepsp
Sep 1 '10 at 5:53
add a comment |
up vote
1
down vote
When you write chmod 0440 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0440, which is wrong.
When you write chmod 0644 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0644, which is wrong.
Do you need to change permissions on /etc/sudoers at all? Did you actually want to write chmod 0644 tempfl.log?
answered Sep 1 '10 at 4:25
hobbs
40338
Agree, there is not a practical need I can think of to change the permissions of/etc/sudoers.
– wuputah
Sep 1 '10 at 4:29
3
Nothing should touch/etc/sudoersat all besidesvisudo.
– hobbs
Sep 1 '10 at 4:36
add a comment |
up vote
1
down vote
When you write chmod 0440 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0440, which is wrong.
When you write chmod 0644 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0644, which is wrong.
Do you need to change permissions on /etc/sudoers at all? Did you actually want to write chmod 0644 tempfl.log?
answered Sep 1 '10 at 4:25
hobbs
40338
Agree, there is not a practical need I can think of to change the permissions of/etc/sudoers.
– wuputah
Sep 1 '10 at 4:29
3
Nothing should touch/etc/sudoersat all besidesvisudo.
– hobbs
Sep 1 '10 at 4:36
add a comment |
up vote
1
down vote
up vote
1
down vote
When you write chmod 0440 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0440, which is wrong.
When you write chmod 0644 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0644, which is wrong.
Do you need to change permissions on /etc/sudoers at all? Did you actually want to write chmod 0644 tempfl.log?
answered Sep 1 '10 at 4:25
hobbs
40338
When you write chmod 0440 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0440, which is wrong.
When you write chmod 0644 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0644, which is wrong.
Do you need to change permissions on /etc/sudoers at all? Did you actually want to write chmod 0644 tempfl.log?
answered Sep 1 '10 at 4:25
hobbs
40338
answered Sep 1 '10 at 4:25
hobbs
40338
answered Sep 1 '10 at 4:25
hobbs
40338
answered Sep 1 '10 at 4:25
hobbs
40338
40338
Agree, there is not a practical need I can think of to change the permissions of/etc/sudoers.
– wuputah
Sep 1 '10 at 4:29
3
Nothing should touch/etc/sudoersat all besidesvisudo.
– hobbs
Sep 1 '10 at 4:36
add a comment |
Agree, there is not a practical need I can think of to change the permissions of/etc/sudoers.
– wuputah
Sep 1 '10 at 4:29
3
Nothing should touch/etc/sudoersat all besidesvisudo.
– hobbs
Sep 1 '10 at 4:36
Agree, there is not a practical need I can think of to change the permissions of
/etc/sudoers.– wuputah
Sep 1 '10 at 4:29
Agree, there is not a practical need I can think of to change the permissions of
/etc/sudoers.– wuputah
Sep 1 '10 at 4:29
3
3
Nothing should touch
/etc/sudoers at all besides visudo.– hobbs
Sep 1 '10 at 4:36
Nothing should touch
/etc/sudoers at all besides visudo.– hobbs
Sep 1 '10 at 4:36
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f26138%2funderstanding-sudoers%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
thanks for the responses. what i understand is that, the command chmod 0440 /etc/sudoers tempfl.log 2>&1 is changing the file permisssion for both sudoers and templ.log to 440 but what i want is that the file templ.log should have the permission 644. is my understanding right ? so the solution to my problem is chmod 0440 /etc/sudoers tempfl.log 2>&1 chmod 644 tempfl.log Please let me know if these 2 commands are going to create any error.
– randeepsp
Sep 1 '10 at 4:36
2
I would just remove the /etc/sudoers from the command, you shouldn't ever have to change the permission of that file. If for some reason you needed to modify it, then you would just have two chmod commands.
– Drew Frezell
Sep 1 '10 at 4:56