Posts: 108 | Thanked: 6 times | Joined on Nov 2005 @ Central London
#1
OK, can someone help me out with this - I'm not that clued up on the Linux accounts/security thing... (well, in particular the 770's flavour of it)

I'm running a shell script that calls commands using sudo. If I run the command as root, it tells me that root is not in the sudoers file (well I guess it wouldn't be - why would it need to..) and that "this incident will be reported"

If I run as a normal user (the next obvious thing to try...) it asks me for a password when it gets to the line with the sudo in it. I assume this is the password for the user named "user". I've tried just pressing enter, my numeric screen lock password, and the root password. None worked.

I could always modify the script and remove the sudos then always run it as root, but I guess I'll prob. want to come out of R&D mode (lose that ugly green text at bootup and stuff) at some point, now that I've set a root password and can sudo in...

Basically I'm looking for a better solution, or at least want to know what's going on here/how all this permissions stuff works on the 770...
 
gultig
Posts: 148 | Thanked: 5 times | Joined on Nov 2005 @ Stimutax, AZ
#2
Any clue as to what you are doing? It sounds like you may want to edit the /etc/sudoers file to add your command.
 
Posts: 108 | Thanked: 6 times | Joined on Nov 2005 @ Central London
#3
I was trying out the trifinite bluetooth tools (see the 3rd party section in the maemo wiki)...

hmm... sudoers file eh? I know my Linux a bit, but I've never ventured that far south.

What's the format/how does it work (in the case of the 770 in particular)? Do you add users and then list the commands they're allowed to run under sudo?

I'm still a bit confused by this user called "user" that you're not allowed to change the password for. Actually, if you use gainroot, it does let you; and I did - I hope I didn't break anything! I figure knowing the password for both user and Root, is better than not when playing on the command line (especially when you're not entirely sure what you're doing!! *ahem* I hope Nokia release an updated image so I have something to re-flash it with, before I manage to totally break everything!!)
 
ChuckP
Posts: 44 | Thanked: 2 times | Joined on Nov 2005 @ Internet_Cafe_W3
#4
#
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

##
# User alias specification
##
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim

##
# Runas alias specification
##
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase

##
# Host alias specification
##
Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
SGI = grolsch, dandelion, black:\
ALPHA = widget, thalamus, foobar:\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules

##
# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
/usr/sbin/rrestore, /usr/bin/mt
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt, /usr/sbin/fasthalt
Cmnd_Alias REBOOT = /usr/sbin/reboot, /usr/sbin/fastboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
/usr/bin/chfn

##
# Override built-in defaults
##
Defaults syslog=auth
Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log

##
# User specification
##

# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL

# full time sysadmins can run anything on any machine without a password
FULLTIMERS ALL = NOPASSWD: ALL

# part time sysadmins may run anything but need a password
PARTTIMERS ALL = ALL

# jack may run anything on machines in CSNETS
jack CSNETS = ALL

# lisa may run any command on any host in CUNETS (a class B network)
lisa CUNETS = ALL

# operator may run maintenance commands and anything in /usr/oper/bin/
operator ALL = DUMPS, KILL, PRINTING, SHUTDOWN, HALT, REBOOT,\
/usr/oper/bin/

# joe may su only to operator
joe ALL = /usr/bin/su operator

# pete may change passwords for anyone but root on the hp snakes
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

# bob may run anything on the sparc and sgi machines as any user
# listed in the Runas_Alias "OP" (ie: root and operator)
bob SPARC = (OP) ALL : SGI = (OP) ALL

# jim may run anything on machines in the biglab netgroup
jim +biglab = ALL

# users in the secretaries netgroup need to help manage the printers
# as well as add and remove users
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser

# fred can run commands as oracle or sybase without a password
fred ALL = (DB) NOPASSWD: ALL

# on the alphas, john may su to anyone but root and flags are not allowed
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*

# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
jen ALL, !SERVERS = ALL

# jill can run any commands in the directory /usr/bin/, except for
# those in the SU and SHELLS aliases.
jill SERVERS = /usr/bin/, !SU, !SHELLS

# steve can run any command in the directory /usr/local/op_commands/
# as user operator.
steve CSNETS = (operator) /usr/local/op_commands/

# matt needs to be able to kill things on his workstation when
# they get hung.
matt valkyrie = KILL

# users in the WEBMASTERS User_Alias (will, wendy, and wim)
# may run any command as user www (which owns the web pages)
# or simply su to www.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www

# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM

This is a sample. You should buy the Linux Command book; it's by O'Reilly and it has a horse's head on the cover.
 
Posts: 50 | Thanked: 0 times | Joined on Nov 2005
#5
Yo Chuck,

I too want to be able to run shell scripts as root, but I want to be sure I'm doing this right before I brick my 770:

On the 770, can I only edit /etc/sudoers using visudo? If so, how (typing visudo in xterm doesn't work)? I've been using joe as an editor, since I really hate the sadistic vi. Would joe work as well?

To enable running a shell script with root privs, do I need to add this line to /etc/sudoers:

user ALL = NOPASSWD: /bin/sh

Yes?

Assuming this is correct, can I then assume the shell script will run as root if that's how I'm logged in, or do I need to insert a "sudo gainroot" at the start of the script?


Thanks,

John
 
Posts: 50 | Thanked: 0 times | Joined on Nov 2005
#6
A bit of a resolution to my question above: If you put this line into the sudoers file, you can use sudo inside shell scripts. You can also run the shell scripts outside of xterm (for example as desktop menu items):

user ALL = NOPASSWD: ALL

BTW: I made this addition to the sudoers file on my Windows PC via the dropbear SSH server (WinSCP on the PC).

I was also able to open and view the sudoers file on the 770 with joe, but I didn't change anything for fear of screwing up the 770.
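
A check for the two rules proposed in posts #5 and #6, added here as an example and not part of the thread: both `NOPASSWD: /bin/sh` and `NOPASSWD: ALL` let anything running as `user` become root without a password, so the script below flags such rules in a sudoers-format file. The function names, the sample file contents and the `bt-tools.sh` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag sudoers rules that allow passwordless "ALL" or a shell/su.
# Heuristic only: Cmnd_Alias names and #include files are not expanded.

audit_sudoers() {   # $1 = sudoers-format file; prints LINE<TAB>REASON<TAB>RULE
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*(#|$)/ { next }                  # comments and blanks
        line ~ /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
        line !~ /NOPASSWD:/ { next }
        {
            cmds = line
            sub(/.*NOPASSWD:[ \t]*/, "", cmds)
            n = split(cmds, c, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                split(c[i], w, /[ \t]+/)                # w[1] = command path
                if (w[1] ~ /^!/) continue               # negated entry is a denial
                reason = ""
                if (w[1] == "ALL") reason = "any command"
                else if (w[1] ~ /\/(sh|ash|bash|csh|ksh|zsh|tcsh|su)$/) reason = "shell or su"
                if (reason != "") {
                    printf "%d\t%s\t%s\n", NR, reason, line
                    break
                }
            }
        }
    ' "$1"
}

write_sample() {    # constructed input; the two broad rules are quoted from the thread
    cat > "$1" <<'EOF'
# constructed sample
root ALL = (ALL) ALL
user ALL = NOPASSWD: /bin/sh
user ALL = NOPASSWD: ALL
# hypothetical narrower rule: one root-owned script only
user ALL = NOPASSWD: /usr/local/sbin/bt-tools.sh
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sudoers "$sample"
rm -f "$sample"
```

Syntax-check an edited copy with `visudo -c -f <file>` before it replaces /etc/sudoers. A rule that names one root-owned script, like the hypothetical one in the sample, avoids both flagged cases.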
 