I have been trying to set default permissions for my own user in my machine ((K)Ubuntu 11.10), in order to setup automation scripts for i.e. mounting filesystems at logon, changing permissions, etc. After looking around, I found very useful posts like this one and this other, and I decided to put my conclusions on the following short list:
- You need to use
sudo visudoto edit the base sudoers file.
- If you run
sudo visudoyou may notice there is a line that reads
#includedir /etc/sudoers.d. Never mind the # character, this line is enabled, not commented out as one may unsuspectingly assume. Just don’t touch it.
- To create a new set of permissions, follow these steps:
- Create a configuration file, elsewhere not in the
/etc/sudoers.ddirectory. Don’t name it with ‘~‘ characters or periods (‘.‘). Example:
$ nano mount_conf
- Fill it up with the settings you will use. This thread does a nice introduction at making these settings up. Example:
# Enable me to mount/umount simply Host_Alias HOST = your_machine_name. You can get it by running cat /etc/hostname Cmnd_Alias MOUNT = /bin/mount,/bin/umount Cmnd_Alias FILEPERM = /bin/chown your_username HOST=(root) NOPASSWD:MOUNT,FILEPERM
- Save it, and now prepare it for moving it into the
$sudo chown root:root mount_conf $sudo chmod 0440 mount_conf $sudo mv mount_conf /etc/sudoers.d/
- Check everything went fine, by running
sudo -l. Example output:
$sudo -l Matching Defaults entries for luis on this host: env_reset User luis may run the following commands on this host: (ALL) ALL (root) NOPASSWD: /bin/mount, /bin/umount, (root) /bin/chown
Hopefully you’ll be able to mount and umount filesystems, and also change ownership of files, if you follow the example. You will still need to prepend
sudo to the invocation of the command, but then it won’t ask for your password.