A change with visudo doesn't work

0

I issue the visudo command, add this rule to the very end of the file, save the file and quit.

newuser    ALL=/usr/sbin/useradd

However, newuser is still able to run commands such as

sudo touch file1

And the rule added to the sudoers file seems not to work. Why?

I have logged out/in after modifying the file.

Tomas.R

Posted 2019-10-27T20:51:49.757

Reputation: 35

Answers

1

Putting that line in the sudoers file allows the user to run /usr/sbin/useradd with sudo rights, which is required as the command edits /etc/passwd. It doesn't prevent the user from doing anything else, including using binaries in the user's PATH. In fact, the user can run the command without that line in the /etc/sudoers file, but it won't have any effect for the reason that I gave above.

Nasir Riley

Posted 2019-10-27T20:51:49.757

Reputation: 886

Thank you for your reply, but I still can't get a grasp on how the sudoers file works.

After I put this rule "newuser ALL=/usr/sbin/useradd"

newuser is still able to do "sudo passwd username"

Why?

Shouldn't useradd be the only command that is allowed to pass with sudo? – Tomas.R – 2019-10-28T20:06:14.843

@Tomas.R Does the command actually allow newuser to run the command after entering the password? – Nasir Riley – 2019-10-28T22:24:58.897

Solved. I've removed newuser from sudo group, left that same line in sudoers file and then everything started to work as expected. Thanks Nasir. – Tomas.R – 2019-10-30T20:40:37.520
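
Why removing newuser from the sudo group resolved this, as an added example that is not part of the original posts: sudoers rules are additive, so the per-user line coexists with the group rule instead of replacing it. The sudoers text is a constructed sample (the `%sudo` line is assumed to be the Debian/Ubuntu default), `matching_rules` and `grants_all` are hypothetical helper names, and the parser handles only simple one-line rules without aliases or includes.

```shell
#!/bin/sh
# Constructed sample: Debian/Ubuntu-style defaults plus the rule from the question.
SAMPLE_SUDOERS='Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
newuser    ALL=/usr/sbin/useradd'

# matching_rules USER "GROUP1 GROUP2 ..." SUDOERS_TEXT  (hypothetical helper)
# Prints every rule whose first field is USER, ALL, or %GROUP for a group the
# user belongs to. Rules are additive: each match grants its own commands, so
# a narrow per-user rule never cancels a broader group rule.
matching_rules() {
    mr_user=$1 mr_groups=$2
    printf '%s\n' "$3" | awk -v user="$mr_user" -v groups="$mr_groups" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) member["%" g[i]] = 1 }
        /^[ \t]*(#|$)/ || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        $1 == user || $1 == "ALL" || ($1 in member) { print }'
}

# grants_all USER GROUPS SUDOERS_TEXT  (hypothetical helper)
# Succeeds (exit 0) if any matching rule has ALL in its command list.
grants_all() {
    matching_rules "$1" "$2" "$3" | awk '
        { spec = $0
          sub(/^[^=]*=[ \t]*/, "", spec)       # drop "who host ="
          sub(/^\([^)]*\)[ \t]*/, "", spec)    # drop "(runas)"
          gsub(/[A-Z_]+:[ \t]*/, "", spec)     # drop tags such as NOPASSWD:
          if (spec ~ /(^|,[ \t]*)ALL[ \t]*(,|$)/) found = 1 }
        END { exit !found }'
}

# Before and after the fix from the thread: with and without the sudo group.
for grp in "newuser sudo" "newuser"; do
    if grants_all newuser "$grp" "$SAMPLE_SUDOERS"; then verdict="any command"
    else verdict="only the listed commands"; fi
    printf 'groups=[%s] -> %s\n' "$grp" "$verdict"
done
```

On a live system, `id -nG newuser` lists the user's groups and `sudo -l -U newuser` (run as root) shows the commands the real policy grants.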