Saturday, January 24, 2015

Setting up a restricted Sudoer on Fedora 20

Since my kids also use my primary system, I could no longer give full sudo access to the default family user account and needed to ensure that only I could administer the system.

On a previous occasion I had manually edited the /etc/sudoers file. This time I learnt about a command called visudo.

The visudo command opens the sudoers file in vi, with the added benefit that when the editor is closed it validates the file's syntax before installing it, so a typo cannot lock you out of sudo.

My main aim was to enable using the truecrypt utility from the normal user rather than from root.

With the help of this command I was able to make the change to the sudoers file. Below I've listed all the options I tried, with my understanding of why they worked or didn't.

  1. I created a command alias (Cmnd_Alias) for all the commands I wanted to be able to run as a normal user. This is a shortcut so that the list does not have to be repeated when granting users permissions.
    • Cmnd_Alias TRUECRPT = /bin/mount, /bin/umount, /usr/bin/truecrypt
  2. The next step was to grant the specific user access. In this example, username is the login user.
    • username    ALL=(ALL)       ALL
      • This rule allowed the user to run all commands after being prompted for the username's password.
      • This was the previous setting that I wanted to remove.
    • username   ALL=(TRUECRPT)
      • This enabled only the relevant commands to be run by the user, after the user entered their password when prompted.
    • username   ALL=(TRUECRPT) NOPASSWD: ALL
      • This resulted in a syntax error detected by visudo.
    • username   ALL=(TRUECRPT) NOPASSWD: TRUECRYPT
      • This resulted in a syntax error detected by visudo.
    • username   ALL=NOPASSWD: TRUECRPT
      • This was the rule that worked for me. It allowed truecrypt to be used, and its automounted partitions to be accessed, without prompting the user for a password.

With this I think I've finally understood how to configure sudoers. I'll update this post the next time I need to reconfigure it.
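The following is an added example, not code from the original post: it builds the final rule above as a drop-in file, runs a small pre-check that flags any alias name used in a command list but never defined by a Cmnd_Alias line (the fourth attempt above uses TRUECRYPT while step 1 defined TRUECRPT), asks visudo to parse the candidate with `visudo -c -f`, and only then installs it. Two caveats worth knowing: the parenthesised part of a rule, as in `ALL=(TRUECRPT)`, is the Runas spec (whom the command may run as), not the list of permitted commands, which is why the checker strips it; and an alias that names `/bin/mount` and `/bin/umount` with no arguments permits them with any arguments, so in practice it is worth pinning arguments after the path (for example a specific device and mount point). Assumed here: the login name `username` and the TRUECRPT alias are the post's; the drop-in path `/etc/sudoers.d/truecrypt` is a placeholder chosen for this example, and /etc/sudoers is assumed to include /etc/sudoers.d, as stock Fedora's does.

```shell
#!/bin/sh
# Added example, not from the original post: build the post's final rule as a
# drop-in file, pre-check it, have visudo parse it, and only then install it.
# Assumptions: "username" and the TRUECRPT alias come from the post; the path
# /etc/sudoers.d/truecrypt is a placeholder chosen here; /etc/sudoers is
# assumed to contain "#includedir /etc/sudoers.d" (stock Fedora does).

# Print the sudoers fragment for one login name.
sudoers_fragment() {
    user="$1"
    printf '%s\n' \
        '# Commands this user may run as root without a password prompt' \
        'Cmnd_Alias TRUECRPT = /bin/mount, /bin/umount, /usr/bin/truecrypt' \
        "$user   ALL=NOPASSWD: TRUECRPT"
}

# Print every alias name used in a command list that no Cmnd_Alias line defines.
# Exit status 1 if any were found, 0 otherwise. This catches the TRUECRPT vs
# TRUECRYPT mismatch from the post before visudo is involved at all.
undefined_aliases() {
    awk '
        /^[ \t]*#/                      { next }   # comment line
        /^[ \t]*$/                      { next }   # blank line
        /^Cmnd_Alias[ \t]/              { name = $2; sub(/=.*/, "", name); defined[name] = 1; next }
        /^(User|Host|Runas)_Alias[ \t]/ { next }   # other alias kinds are not command lists
        /^Defaults/                     { next }
        /=/ {
            spec = $0
            sub(/^[^=]*=/, "", spec)      # keep only the part after host=
            gsub(/\([^)]*\)/, "", spec)   # drop the (runas) spec; it is not a command list
            gsub(/[A-Z]+:/, "", spec)     # drop tags such as NOPASSWD:
            n = split(spec, parts, ",")
            for (i = 1; i <= n; i++) {
                tok = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", tok)
                if (tok ~ /^[A-Z][A-Z0-9_]*$/ && tok != "ALL" && !(tok in defined)) {
                    print tok
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$1"
}

# Ask visudo to parse the candidate file without installing it.
# Returns visudo's status, or 2 if visudo is not available on this system.
check_with_visudo() {
    if ! command -v visudo >/dev/null 2>&1; then
        echo "visudo not found; skipping parser check" >&2
        return 2
    fi
    visudo -c -f "$1"
}

# Install the fragment only after both checks pass. Must run as root.
install_fragment() {
    src="$1"
    dst="${2:-/etc/sudoers.d/truecrypt}"   # placeholder path, not from the post
    undefined_aliases "$src" || return 1
    check_with_visudo "$src" || return 1
    install -m 0440 -o root -g root "$src" "$dst"
}

# Demonstration: write the fragment to a temporary file and run the pre-check.
tmp=$(mktemp)
sudoers_fragment username > "$tmp"
if undefined_aliases "$tmp"; then
    echo "pre-check passed for $tmp"
fi
rm -f "$tmp"
```

After `install_fragment` has run, `sudo -l -U username` lists exactly what that account may now run, which is the quickest way to confirm that the broad `ALL=(ALL) ALL` rule really is gone and only the TRUECRPT commands remain.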