tags:

views:

92

answers:

3
+1  Q: 

understanding sudoers

I have a unix script which creates a temporary log file, say tempfl.log. When this file is created it has permission rw-r--r--.

There is a line

chmod 0440 /etc/sudoers tempfl.log 2>&1

But when the script is done the permission changes to r--r--r-- but it should be rw-r--r--. If I change the line to 

chmod 0644 /etc/sudoers tempfl.log

the permissions are right for tempfl.log but it throws errors saying

sudo: /usr/local/etc/sudoers is mode 0644, should be 0440

I do not understand what sudoers is doing and what is wrong.

+1  A: 

When you write chmod 0440 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0440, which is wrong.

When you write chmod 0644 /etc/sudoers tempfl.log it changes the permissions of /etc/sudoers and tempfl.log to both be 0644, which is wrong.

Do you need to change permissions on /etc/sudoers at all? Did you actually want to write chmod 0644 tempfl.log?

hobbs  2010-09-01 04:25:45
Agree, there is not a practical need I can think of to change the permissions of `/etc/sudoers`.
wuputah  2010-09-01 04:29:27
Nothing should touch `/etc/sudoers` at all besides `visudo`.
hobbs  2010-09-01 04:36:57
+2  A: 

Your script is doing exactly what you're telling it to do:

chmod 0440 /etc/sudoers tempfl.log

will apply r--r----- to both of those files.

You really shouldn't be fiddling around with the sudoers file unless you're writing admin scripts and, even then, the permissions should be left alone since that helps secure your system. The sudo program itself checks the permissions of its configuration file and warns you (as you've seen). Listen to it. It obviously knows better than you :-)

Are you sure you aren't just trying to run certain parts of your script under sudo, as in:

sudo chmod 0440 tempfl.log 2>&1

If not, and you really want to modify both files (but with different permissions, use two separate commands:

chmod 0440 /etc/sudoers 2>&1
chmod 0644 tempfl.log 2>&1
paxdiablo  2010-09-01 04:31:27
ya, im sure of it.
randeepsp  2010-09-01 05:53:41
A: 

Your script is changing the permission of 2 files, /etc/sudoers and tempfl.log. Split the command in two lines and you should be fine.

Drew Frezell  2010-09-01 04:31:40
please have a look at the comment i added.
randeepsp  2010-09-01 04:37:13

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi