Solved

Ubuntu: STATUS of my UAC ("User Access Control")

Posted on 2011-09-15
15
385 Views
Last Modified: 2012-05-12
Hi,

1) This UAC tools at Windows Vista and 7 are very annoying.
2)I have a linux Ubuntu (10.04.3) workstation in production environment
- It gets the IP address from DHCP server
- It can connect to intranet and internet well
3) This linux machine is also having the capability similar to UAC --> always prompting to password
4) Per help of EE's experts, i get to know that we can "DISABLE" this UAC tool by editing the file at /etc/sudoers
5) I did editing this file as the followings
- open terminal
-switch to root --> use "sudo -s"
-edit the file with gedit --> gedit /etc/sudoers
-The editing is:
   * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL
-then SAVE and EXIT
6) After doing the above, I want to TEST (whether this UAC tool has been DISABLED); I do the followings
-open terminal
- I type in: sudo -s --> it did not ask me the password, and it change to the "root"
- I am back to the "user" (not root), and type in: sudo gedit /etc/hostname --> the hostname window appear, and the system did not ask me for a password
- I am back to the "user" (not root), and type in: sudo ifconfig eth0 down --> and it did not ask me for a password (When I check, the IP address is gone; it is only 127.0.0.1; so the command is working)
- I type in --> sudo ifconfig eth0 up (and the IP address appears again; and it did not also asking for password)

7) I need the Confirmation from Experts please
8) Per my understanding, the UAC tool in the above linux Ubuntu workstation has been DISABLED; is it TRUE? or I am wrong ...please provide a liitle bit explanation for your answers
9) Thank you

tjie
0
Comment
Question by:tjie
  • 9
  • 6
15 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547304
?

Didn't we just confirm this?

-edit the file with gedit --> gedit /etc/sudoers

As I said before, use visudo.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547307
Bad link

Here
0
 

Author Comment

by:tjie
ID: 36547330
After the other posting ....
I tried again to use gedit ....
and ....I do not agree why we have to use visudo
like you said as the above

"""" -edit the file with gedit --> gedit /etc/sudoers


As I said before, use visudo.""""

Per my understanding is EDITING the file "sudoers"
- In order to do it we do NOT need to use "visudo" as long the MAIN purpose is to edit the file "sudoers" in here :
* Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL

As long as we can edit the file becoming to """ %admin ALL=(ALL) NOPASSWD: ALL """"", we do not need to use "visudo"

Because of that, I issue another posting for other experts to comment

Frankly speaking, I just learn this Ubuntu, but I just use "Common sense" ---> why I have to use "visudo"

And when I test, it seems it works without using "visudo" ....but of course, I am not sure

Because of that I need the confirmation from other Experts please

Anyway, thanks for the helps
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36547336
man visudo

Open in new window

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.

Open in new window


What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?

Your goal:  be able to run sudo without giving a password
Your tests:  able to run sudo without password successfully
Your results:  sudo can now be ran without a password

There really isn't anything else to wonder about.  You were able to do what you originally wanted, correct?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547337
Code got cut off:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.
0
 

Author Comment

by:tjie
ID: 36547342
so this UAC has been disabled right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547344
Yes.
0
Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

 

Author Comment

by:tjie
ID: 36547360
1) Oh good ...
2) Because some of my clients just asked me to uninstall the Ubuntu and install back from scratch if necessary to "disable" this UAC
3) I setup a lot of Windows Vista and 7 and all users need to DISABLE this UAC (they do not CARE about security or bla ..bla...bla)
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch
5) Thanks
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547366
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch

You are asking for trouble :-/
0
 

Author Comment

by:tjie
ID: 36547381
""" You are asking for trouble :-/""""
Why?

If necessary i backup firstly this file "sudoers" ... (before I edit the """ * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL """")

I can execute --> sudo cp /etc/sudoers /etc/sudoers_backup ....is OK right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547385
From my earlier reply http:#36547336

What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?
0
 

Author Comment

by:tjie
ID: 36547402
1) Before I edit the file "sudoers", I backup firstly
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547419
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
/etc/sudoers is owned by root.  You need to be root to overwrite it.  If you broke sudo, you can't become root.

Now I'm probably going to regret saying this, but I feel obligated.  You can login AS root IF you have the password, and fix a broken sudoers file... but what if you don't have root's password?

 I have explained it very clearly, quoted man pages, gave real-world examples.  According to your previous question, another EE expert already told you to do the following, which is what I said to do as well:
3) Per reference from one of EE's experts; the article says like the followings:
-Open terminal
-Sudo visudo
-Find the line that says
   %admin ALL=(ALL) ALL
-and change it to
   %admin ALL=(ALL) NOPASSWD: ALL
-Save and exit the file

I'm really not sure why we are going back and forth about this, what do you still have trouble understanding?
0
 

Author Comment

by:tjie
ID: 36547459
Ok
I got the point
thanks
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547531
Is there anything more with this question that you are unsure of?
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AWS RDS 3 68
Codiing Non-Existent Links 4 67
AWS CLI - Instances, Volumes & Tagging 2 75
Run same command on multiple files in Linux 3 3
I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now