Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Ubuntu: STATUS of my UAC ("User Access Control")

Posted on 2011-09-15
15
Medium Priority
?
394 Views
Last Modified: 2012-05-12
Hi,

1) This UAC tools at Windows Vista and 7 are very annoying.
2)I have a linux Ubuntu (10.04.3) workstation in production environment
- It gets the IP address from DHCP server
- It can connect to intranet and internet well
3) This linux machine is also having the capability similar to UAC --> always prompting to password
4) Per help of EE's experts, i get to know that we can "DISABLE" this UAC tool by editing the file at /etc/sudoers
5) I did editing this file as the followings
- open terminal
-switch to root --> use "sudo -s"
-edit the file with gedit --> gedit /etc/sudoers
-The editing is:
   * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL
-then SAVE and EXIT
6) After doing the above, I want to TEST (whether this UAC tool has been DISABLED); I do the followings
-open terminal
- I type in: sudo -s --> it did not ask me the password, and it change to the "root"
- I am back to the "user" (not root), and type in: sudo gedit /etc/hostname --> the hostname window appear, and the system did not ask me for a password
- I am back to the "user" (not root), and type in: sudo ifconfig eth0 down --> and it did not ask me for a password (When I check, the IP address is gone; it is only 127.0.0.1; so the command is working)
- I type in --> sudo ifconfig eth0 up (and the IP address appears again; and it did not also asking for password)

7) I need the Confirmation from Experts please
8) Per my understanding, the UAC tool in the above linux Ubuntu workstation has been DISABLED; is it TRUE? or I am wrong ...please provide a liitle bit explanation for your answers
9) Thank you

tjie
0
Comment
Question by:tjie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
15 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547304
?

Didn't we just confirm this?

-edit the file with gedit --> gedit /etc/sudoers

As I said before, use visudo.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547307
Bad link

Here
0
 

Author Comment

by:tjie
ID: 36547330
After the other posting ....
I tried again to use gedit ....
and ....I do not agree why we have to use visudo
like you said as the above

"""" -edit the file with gedit --> gedit /etc/sudoers


As I said before, use visudo.""""

Per my understanding is EDITING the file "sudoers"
- In order to do it we do NOT need to use "visudo" as long the MAIN purpose is to edit the file "sudoers" in here :
* Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL

As long as we can edit the file becoming to """ %admin ALL=(ALL) NOPASSWD: ALL """"", we do not need to use "visudo"

Because of that, I issue another posting for other experts to comment

Frankly speaking, I just learn this Ubuntu, but I just use "Common sense" ---> why I have to use "visudo"

And when I test, it seems it works without using "visudo" ....but of course, I am not sure

Because of that I need the confirmation from other Experts please

Anyway, thanks for the helps
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 21

Accepted Solution

by:
Papertrip earned 2000 total points
ID: 36547336
man visudo

Open in new window

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.

Open in new window


What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?

Your goal:  be able to run sudo without giving a password
Your tests:  able to run sudo without password successfully
Your results:  sudo can now be ran without a password

There really isn't anything else to wonder about.  You were able to do what you originally wanted, correct?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547337
Code got cut off:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.
0
 

Author Comment

by:tjie
ID: 36547342
so this UAC has been disabled right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547344
Yes.
0
 

Author Comment

by:tjie
ID: 36547360
1) Oh good ...
2) Because some of my clients just asked me to uninstall the Ubuntu and install back from scratch if necessary to "disable" this UAC
3) I setup a lot of Windows Vista and 7 and all users need to DISABLE this UAC (they do not CARE about security or bla ..bla...bla)
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch
5) Thanks
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547366
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch

You are asking for trouble :-/
0
 

Author Comment

by:tjie
ID: 36547381
""" You are asking for trouble :-/""""
Why?

If necessary i backup firstly this file "sudoers" ... (before I edit the """ * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL """")

I can execute --> sudo cp /etc/sudoers /etc/sudoers_backup ....is OK right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547385
From my earlier reply http:#36547336

What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?
0
 

Author Comment

by:tjie
ID: 36547402
1) Before I edit the file "sudoers", I backup firstly
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547419
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
/etc/sudoers is owned by root.  You need to be root to overwrite it.  If you broke sudo, you can't become root.

Now I'm probably going to regret saying this, but I feel obligated.  You can login AS root IF you have the password, and fix a broken sudoers file... but what if you don't have root's password?

 I have explained it very clearly, quoted man pages, gave real-world examples.  According to your previous question, another EE expert already told you to do the following, which is what I said to do as well:
3) Per reference from one of EE's experts; the article says like the followings:
-Open terminal
-Sudo visudo
-Find the line that says
   %admin ALL=(ALL) ALL
-and change it to
   %admin ALL=(ALL) NOPASSWD: ALL
-Save and exit the file

I'm really not sure why we are going back and forth about this, what do you still have trouble understanding?
0
 

Author Comment

by:tjie
ID: 36547459
Ok
I got the point
thanks
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547531
Is there anything more with this question that you are unsure of?
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question