Edit Sudoers List?


12 posts in this topic Last Reply

Recommended Posts

  • 2 weeks later...

Longer answer:

 

Because the OS is running completely in RAM (this includes any "files" in the usual places, such as /etc/sudoers) any changes you make in the running OS is lost when you reboot.

 

To make a change that will survive a reboot, you need to make the system make those changes for you each time it boots.

 

This is usually done in /boot/config/go script file which is run automatically after the system boots.

 

 

Link to post

Thanks for the help, what specifically would I have to put into the go file to add a user to the sudoers list? The reason I'm trying to do this is I usually remotely connect to my server via SSH under a non root user name and would like the ability to remotely reboot the server if necessary.

Link to post

You can just add an echo line to your go file and pipe the line to the sudoers file. Its not recommended to edit this file directly without the syntax checking provided by visudo, but it does work well if you know exactly what you're doing. Alternatively you can edit the sudoers file via visudo and make a copy of it onto your flash drive and then have the go file overwrite the original on reboot.

 

Sent from my Galaxy Nexus using Tapatalk 2

Link to post
  • 1 year later...
  • 4 years later...

Since this thread is nearly 5 years old it might be worth considering if there are better methods since.

 

Instead of adding to the go script. the preferred method of executing a script is with the User Scripts plugin. You can configure when your script runs, including at boot time.

Link to post
46 minutes ago, trurl said:

Since this thread is nearly 5 years old it might be worth considering if there are better methods since.

 

Instead of adding to the go script. the preferred method of executing a script is with the User Scripts plugin. You can configure when your script runs, including at boot time.

THANKS!! I will look at switching out details in my /boot/config/go file to that right now, I didn't know it was out there very useful.

 

UPDATE: That plugin does not do things pre-mount just after the array mounts or on a schedule from what I can see.

Edited by Trunkton
Link to post
  • 1 year later...

Necro post with value below, as this is the top Google result on the topic. bulldozer !'s question on @SpaceInvaderOne's recent video (How to Test the Speed inside a VPN Download Containerhttps://www.youtube.com/watch?v=m7Qly7a_-M0) prompted this post. 

 

 

WARNING!

EDITING THE sudoers FILE (OR ANY FILE THAT FEEDS INTO IT) INCORRECTLY CAN CAUSE IRREPERABLE DAMAGE AND POSSIBLE LOSS OF ACCESS TO YOUR SYSTEM!

YOU HAVE BEEN WARNED. 

 

Only use visudo to edit the sudoers file (or any file that feeds into it)! visudo performs checks to aid in correct sudo file formatting (it is not fool-proof, double check your formatting!).

Learning vi/visudo is on you, Google it for plenty of resources! https://lmgtfy.app/?q=how+to+use+visudo+in+linux

 

Also, I am no Linux expert, but have used this method to successfully add a user to the sudoers list - on boot.

 

Okay, now that the disclaimers are over... lets check out a more complete explanation of adding a user to the sudoers list without the use of any additional tools/plugins (UserScripts is great btw, I use it heavily on my server).

  1. Understand that sudo access can be dangerous, do not give this to users who do not understand it's power
     
  2. The /etc/sudoers file itself does not need to be edited, by default it will include the /etc/sudoers.d/ directory (below is a snippet of the end of the sudoers file)
    ## Read drop-in files from /etc/sudoers.d
    ## (the '#' here does not indicate a comment)
    #includedir /etc/sudoers.d
  3. Create a file named sudoadd (no .extension), using visudo, in /boot/custom/
    • /boot/ is your flashdrive, storing the file here allows it to survive reboots and unRaid to access it while booting up
    • You may need to create the /boot/custom/ subdirectory
      • I had the subdirectory after following Spaceinvaders video on setting up the docker-shell script
         
  4.  Add the following to the sudoadd file (adjusting USERNAME to the one you'd like to use)
    ##
    ## User privilege specification
    ##
    USERNAME ALL=(ALL) NOPASSWD: ALL
    • This is in the format of root's section in the /etc/sudoers file
    • NOTE: the "NOPASSWD: " is not required and allows the specified user to execute the sudo command without entering a password
    • Write the file and Quit (generally ESC > : > wq > ENTER in visudo)
       
  5. Next we need to tell unRaid to move the custom file and set it's permissions appropriately in the go file
    • AGAIN, BE CAREFUL - THE GO FILE IS VERY IMPORTANT, IT STARTS YOUR WEBUI!
       
  6. Add the following to the end/bottom of the go file located at /boot/config/go
    cp /boot/custom/sudoadd /etc/sudoers.d/sudoadd
    chmod 0440 /etc/sudoers.d/sudoadd
    • The first line copies the custom sudoadd file from the flash drive to the OS files running in memory
    • The second line changes the permissions on the copied file to what Linux expects for a system file (IIRC)
       
  7. Also add the following to the end/bottom of the go file
    chsh -s /bin/bash USERNAME
    • This line changes the shell for the USERNAME you specify, allowing the user to login via SSH
    • I use vi to edit the go file, so Write the file and Quit (generally ESC > : > wq > ENTER)
      • If you're using another editor, save the go file and exit
         
  8. Reboot your server and test that the USERNAME you setup above can:
    • Login via SSH
    • Execute the sudo command
       

P.S.

  • I normally give full credit via links to sources where possible, but I researched and successfully did this a very long time ago. That aside, this thread and @SpaceInvaderOne were definite contributors of my solution.
  • If something in this post needs to be clarified please reply or message me and I will update it
Edited by groot-stuff
Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.