Ubuntu: STATUS of my UAC ("User Access Control")

Hi,

1) This UAC tools at Windows Vista and 7 are very annoying.
2)I have a linux Ubuntu (10.04.3) workstation in production environment
- It gets the IP address from DHCP server
- It can connect to intranet and internet well
3) This linux machine is also having the capability similar to UAC --> always prompting to password
4) Per help of EE's experts, i get to know that we can "DISABLE" this UAC tool by editing the file at /etc/sudoers
5) I did editing this file as the followings
- open terminal
-switch to root --> use "sudo -s"
-edit the file with gedit --> gedit /etc/sudoers
-The editing is:
   * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL
-then SAVE and EXIT
6) After doing the above, I want to TEST (whether this UAC tool has been DISABLED); I do the followings
-open terminal
- I type in: sudo -s --> it did not ask me the password, and it change to the "root"
- I am back to the "user" (not root), and type in: sudo gedit /etc/hostname --> the hostname window appear, and the system did not ask me for a password
- I am back to the "user" (not root), and type in: sudo ifconfig eth0 down --> and it did not ask me for a password (When I check, the IP address is gone; it is only 127.0.0.1; so the command is working)
- I type in --> sudo ifconfig eth0 up (and the IP address appears again; and it did not also asking for password)

7) I need the Confirmation from Experts please
8) Per my understanding, the UAC tool in the above linux Ubuntu workstation has been DISABLED; is it TRUE? or I am wrong ...please provide a liitle bit explanation for your answers
9) Thank you

tjie
tjieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PapertripCommented:
?

Didn't we just confirm this?

-edit the file with gedit --> gedit /etc/sudoers

As I said before, use visudo.
0
PapertripCommented:
Bad link

Here
0
tjieAuthor Commented:
After the other posting ....
I tried again to use gedit ....
and ....I do not agree why we have to use visudo
like you said as the above

"""" -edit the file with gedit --> gedit /etc/sudoers


As I said before, use visudo.""""

Per my understanding is EDITING the file "sudoers"
- In order to do it we do NOT need to use "visudo" as long the MAIN purpose is to edit the file "sudoers" in here :
* Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL

As long as we can edit the file becoming to """ %admin ALL=(ALL) NOPASSWD: ALL """"", we do not need to use "visudo"

Because of that, I issue another posting for other experts to comment

Frankly speaking, I just learn this Ubuntu, but I just use "Common sense" ---> why I have to use "visudo"

And when I test, it seems it works without using "visudo" ....but of course, I am not sure

Because of that I need the confirmation from other Experts please

Anyway, thanks for the helps
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

PapertripCommented:
man visudo

Open in new window

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.

Open in new window


What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?

Your goal:  be able to run sudo without giving a password
Your tests:  able to run sudo without password successfully
Your results:  sudo can now be ran without a password

There really isn't anything else to wonder about.  You were able to do what you originally wanted, correct?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PapertripCommented:
Code got cut off:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.
0
tjieAuthor Commented:
so this UAC has been disabled right?
0
PapertripCommented:
Yes.
0
tjieAuthor Commented:
1) Oh good ...
2) Because some of my clients just asked me to uninstall the Ubuntu and install back from scratch if necessary to "disable" this UAC
3) I setup a lot of Windows Vista and 7 and all users need to DISABLE this UAC (they do not CARE about security or bla ..bla...bla)
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch
5) Thanks
0
PapertripCommented:
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch

You are asking for trouble :-/
0
tjieAuthor Commented:
""" You are asking for trouble :-/""""
Why?

If necessary i backup firstly this file "sudoers" ... (before I edit the """ * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL """")

I can execute --> sudo cp /etc/sudoers /etc/sudoers_backup ....is OK right?
0
PapertripCommented:
From my earlier reply http:#36547336

What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?
0
tjieAuthor Commented:
1) Before I edit the file "sudoers", I backup firstly
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
0
PapertripCommented:
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
/etc/sudoers is owned by root.  You need to be root to overwrite it.  If you broke sudo, you can't become root.

Now I'm probably going to regret saying this, but I feel obligated.  You can login AS root IF you have the password, and fix a broken sudoers file... but what if you don't have root's password?

 I have explained it very clearly, quoted man pages, gave real-world examples.  According to your previous question, another EE expert already told you to do the following, which is what I said to do as well:
3) Per reference from one of EE's experts; the article says like the followings:
-Open terminal
-Sudo visudo
-Find the line that says
   %admin ALL=(ALL) ALL
-and change it to
   %admin ALL=(ALL) NOPASSWD: ALL
-Save and exit the file

I'm really not sure why we are going back and forth about this, what do you still have trouble understanding?
0
tjieAuthor Commented:
Ok
I got the point
thanks
0
PapertripCommented:
Is there anything more with this question that you are unsure of?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.