SOLVED Adding users to sudoers

Caesar · Mar 16, 2013

I have read the docs and searched the forums and it seems very simple. if you want a user to sudo; they need to be added to the 'wheel' group but 'wheel' must not be the primary group. Now when I first created this account I added wheel as it's primary group bc its my main account and I didn't know about the su requirement. I have since changed it but I still cannot su. Am I missing something?

Code:

[ebright@storage] ~> id
uid=1003(ebright) gid=1003(users) groups=1003(users),0(wheel)
[ebright@storage] ~> su root
Password:
su: Sorry
[ebright@storage] ~> sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:
Sorry, user ebright is not allowed to execute '/usr/bin/su' as root on storage.h                                                  ome.
[ebright@storage] ~>

JaimieV · Mar 17, 2013

Take a look in /usr/local/etc/sudoers.sample.

For more, read the manual page for sudo, and then take a look at http://www.itedit.com/blog/?p=3 (skip the first bit about installing it, obviously it's already installed in FreeNAS).

Caesar · Mar 17, 2013

I'm lost... it seems like this is already configured by default in freenas, am I wrong? I understand how to edit/add an account to the sudoers list but the freenas docs imply that all I need to do is add the user to the wheel group. When I visudo all I get is this

Code:

 # Let find_alias_for_smtplib.py runs as root (it needs database access)
ALL ALL=(ALL) NOPASSWD: /etc/find_alias_for_smtplib.py

Should I have to edit the sudoers file in a default freenas install?

shit I just noticed that I have not included my version. FreeNAS-8.3.0-RELEASE-p1-x64 (r12825)

JaimieV · Mar 18, 2013

The documentation is unfortunately wrong, it seems. sudo is installed by default but not configured for users, only for the GUI. You need to edit the sudoers file.

If you'd look through the .sample file as I suggested you'll see this:

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

That doesn't exist in the sudoers file, so you'll have to edit it in.

William Grzybowski · Mar 18, 2013

Please don't use sudo nor mess with it in the freenas install, use the jail.

James · Mar 19, 2013

sudoers is not the same thing as su. su requires the user to be in the wheel group and to type su to become superuser. sudoers requires the editing of the sudoers file and to type sudo before running a command.

Caesar · Mar 25, 2013

ok thanks guys. I get it now. I was using the wrong pass. I am use to using sudo so when I su I would enter my password instead of the root password. And William thanks for the warning! I knew better than to mess with the file system outside of the jail.

Daisuke · Sep 18, 2013

William Grzybowski said:
Please don't use sudo nor mess with it in the freenas install, use the jail.

Hi Will,

Why is not a recommended approach to edit sudoers file?
I'm using sudo on every single box, I would like to be able using it also in FreeNAS.

dlavigne · Sep 19, 2013

The changes you make using visudo will not be written to the config database.

fracai · Sep 19, 2013

I think the eventual question is: why does FreeNAS ship with sudo, but without a way to give a user sudoer privs? This seems like a good candidate for an enhancement ticket. Unless there's some reason to have the tool, but not the capability to use it.

dlavigne · Sep 19, 2013

Please post the ticket number after you create it

fracai · Sep 19, 2013

I was originally waiting for comments, but here you go: https://bugs.freenas.org/issues/3172

Daisuke · Sep 19, 2013

dlavigne said:
The changes you make using visudo will not be written to the config database.

I know that... I was simply asking what is the proper way to add an user to sudoers in FreeNAS because responding "you don't" would be strange in any admin's book.

Also, I have no idea why the thread is marked SOLVED, because the issue is not solved at all. :)
We should be able to use sudoers, period. Is like telling me, "hey we don't support vi."

jgreco · Sep 19, 2013

I'm not really sure "you don't" is such a strange answer.

You know that Linux BusyBox image that's running your TV or DSL or other random device, most often you don't get to do it there either. FreeNAS is designed first and foremost as an appliance. I'm pretty sure the inclusion of sudo comes from the import of NanoBSD, rather than any particular intention on the part of the developers to enable users to use sudo.

The main difference is that for the most part, the developers here don't particularly discourage power users from using (and abusing) the CLI. So it seems like a natural progression would be for sudo to be there but not really set up to do anything, then one day someone asks for that to be fixed, then a developer spends some time, and voila, new capability.

There are a thousand finicky little details in taking a raw operating system image and making something useful out of it.

On the other hand, there is also a very strong argument to be made that the base OS shouldn't be twiddled around with by end users. Locally here, we do a lot of FreeBSD builds and the base system is entirely built by an automated system; no human is supposed to manually edit things within the base system. If something isn't suitable, the build system has to be adjusted to make it possible. There's no human interaction with a system build from the time the install disc is inserted to the time the system is hardened for deployment. The base system is viewed as a platform on which to run applications. Treating the machine as a platform on which to run applications is in some ways similar to the FreeNAS appliance concept. In our case, sudo is largely pointless ... you can't make changes to the base system even as root. This ensures reproducible results when all the systems get rebuilt for FreeBSD 9.2R (any day now!). I think William strongly views the FreeNAS base platform in a similar light, and I largely agree: running around making changes violates part of the idea of an appliance device. But sudo is handy for other things as well.

Oko · Oct 31, 2014

TECK said:
I know that... I was simply asking what is the proper way to add an user to sudoers in FreeNAS because responding "you don't" would be strange in any admin's book.

Also, I have no idea why the thread is marked SOLVED, because the issue is not solved at all. :)
We should be able to use sudoers, period. Is like telling me, "hey we don't support vi."

+1

I am with you on this one. Please look my bubbling about using rsnapshot to backup FreeNAS server.

https://forums.freenas.org/index.ph...ss-program-specified-rsnapshot-freenas.24463/

Ability to execute rsync on FreeNAS box without tty and not giving password to sudo is key. Why in a world is this

https://bugs.freenas.org/issues/3172

ticket closed?

Important Announcement for the TrueNAS Community.

SOLVED Adding users to sudoers

Caesar

Contributor

JaimieV

Guru

Caesar

Contributor

JaimieV

Guru

William Grzybowski

Wizard

James

Guest

Caesar

Contributor

Daisuke

Contributor

dlavigne

Guest

fracai

Guru

dlavigne

Guest

fracai

Guru

Daisuke

Contributor

jgreco

Resident Grinch

Oko

Contributor

Similar threads