Solved

Ubuntu: STATUS of my UAC ("User Access Control")

Posted on 2011-09-15
15
384 Views
Last Modified: 2012-05-12
Hi,

1) This UAC tools at Windows Vista and 7 are very annoying.
2)I have a linux Ubuntu (10.04.3) workstation in production environment
- It gets the IP address from DHCP server
- It can connect to intranet and internet well
3) This linux machine is also having the capability similar to UAC --> always prompting to password
4) Per help of EE's experts, i get to know that we can "DISABLE" this UAC tool by editing the file at /etc/sudoers
5) I did editing this file as the followings
- open terminal
-switch to root --> use "sudo -s"
-edit the file with gedit --> gedit /etc/sudoers
-The editing is:
   * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL
-then SAVE and EXIT
6) After doing the above, I want to TEST (whether this UAC tool has been DISABLED); I do the followings
-open terminal
- I type in: sudo -s --> it did not ask me the password, and it change to the "root"
- I am back to the "user" (not root), and type in: sudo gedit /etc/hostname --> the hostname window appear, and the system did not ask me for a password
- I am back to the "user" (not root), and type in: sudo ifconfig eth0 down --> and it did not ask me for a password (When I check, the IP address is gone; it is only 127.0.0.1; so the command is working)
- I type in --> sudo ifconfig eth0 up (and the IP address appears again; and it did not also asking for password)

7) I need the Confirmation from Experts please
8) Per my understanding, the UAC tool in the above linux Ubuntu workstation has been DISABLED; is it TRUE? or I am wrong ...please provide a liitle bit explanation for your answers
9) Thank you

tjie
0
Comment
Question by:tjie
  • 9
  • 6
15 Comments
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547304
?

Didn't we just confirm this?

-edit the file with gedit --> gedit /etc/sudoers

As I said before, use visudo.
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547307
Bad link

Here
0
 

Author Comment

by:tjie
ID: 36547330
After the other posting ....
I tried again to use gedit ....
and ....I do not agree why we have to use visudo
like you said as the above

"""" -edit the file with gedit --> gedit /etc/sudoers


As I said before, use visudo.""""

Per my understanding is EDITING the file "sudoers"
- In order to do it we do NOT need to use "visudo" as long the MAIN purpose is to edit the file "sudoers" in here :
* Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL

As long as we can edit the file becoming to """ %admin ALL=(ALL) NOPASSWD: ALL """"", we do not need to use "visudo"

Because of that, I issue another posting for other experts to comment

Frankly speaking, I just learn this Ubuntu, but I just use "Common sense" ---> why I have to use "visudo"

And when I test, it seems it works without using "visudo" ....but of course, I am not sure

Because of that I need the confirmation from other Experts please

Anyway, thanks for the helps
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36547336
man visudo

Open in new window

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.

Open in new window


What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?

Your goal:  be able to run sudo without giving a password
Your tests:  able to run sudo without password successfully
Your results:  sudo can now be ran without a password

There really isn't anything else to wonder about.  You were able to do what you originally wanted, correct?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547337
Code got cut off:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.
0
 

Author Comment

by:tjie
ID: 36547342
so this UAC has been disabled right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547344
Yes.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:tjie
ID: 36547360
1) Oh good ...
2) Because some of my clients just asked me to uninstall the Ubuntu and install back from scratch if necessary to "disable" this UAC
3) I setup a lot of Windows Vista and 7 and all users need to DISABLE this UAC (they do not CARE about security or bla ..bla...bla)
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch
5) Thanks
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547366
4) I just continue editing it by gedit (as i found out "nano" etc seems difficult for me); and it is better than i have to install back the Ubuntu from the scratch

You are asking for trouble :-/
0
 

Author Comment

by:tjie
ID: 36547381
""" You are asking for trouble :-/""""
Why?

If necessary i backup firstly this file "sudoers" ... (before I edit the """ * Original (or by default): %admin ALL=(ALL) ALL
   * Change it into: %admin ALL=(ALL) NOPASSWD: ALL """")

I can execute --> sudo cp /etc/sudoers /etc/sudoers_backup ....is OK right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547385
From my earlier reply http:#36547336

What if you used gedit, like you did, and you made a typo in the file which caused it to be invalid?  Now that sudo is broken, how are you going to run 'sudo gedit /etc/sudoers' to fix it?
0
 

Author Comment

by:tjie
ID: 36547402
1) Before I edit the file "sudoers", I backup firstly
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547419
2) If there is a typo or whatever, and it becomes "invalid or whatever"; i just copy it back the "right value" of the "sudoers" to /etc/sudoers.....would be Ok right?
/etc/sudoers is owned by root.  You need to be root to overwrite it.  If you broke sudo, you can't become root.

Now I'm probably going to regret saying this, but I feel obligated.  You can login AS root IF you have the password, and fix a broken sudoers file... but what if you don't have root's password?

 I have explained it very clearly, quoted man pages, gave real-world examples.  According to your previous question, another EE expert already told you to do the following, which is what I said to do as well:
3) Per reference from one of EE's experts; the article says like the followings:
-Open terminal
-Sudo visudo
-Find the line that says
   %admin ALL=(ALL) ALL
-and change it to
   %admin ALL=(ALL) NOPASSWD: ALL
-Save and exit the file

I'm really not sure why we are going back and forth about this, what do you still have trouble understanding?
0
 

Author Comment

by:tjie
ID: 36547459
Ok
I got the point
thanks
0
 
LVL 21

Expert Comment

by:Papertrip
ID: 36547531
Is there anything more with this question that you are unsure of?
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now