sudoers file

First, sorry if I posted in the wrong section.

So, I want to add a user to the sudoers file to give him permission to delete users (to use the "userdel" command).

I started bash and executed visudo. At the end of the file I added a new line so it looks like this:

"user name" ALL = /usr/sbin/userdel

I saved the file and quit.

When I try to execute the command as the user specified in the sudoers file, I get the error message "userdel: cannot lock /etc/passwd; try again later" and I must use "sudo" to delete the user.

Where did I make a mistake?

Thanks for the help.

Comments

  • odlevakp
    odlevakp Posts: 29
    Your setup should work... you will always have to write "sudo" followed by the user's password before the "userdel" command.
  • So it doesn't matter if I add the user to the sudoers file, I'll always have to preface the command with sudo? :)
  • Goineasy9
    Goineasy9 Posts: 1,114
    That's correct.
  • odlevakp
    odlevakp Posts: 29
    During the Ubuntu desktop installation, the installer asks you for a username and password. Since desktop installations mostly have one active user, this user will also become the system admin (a server installation or some other distribution may ask for the root password). This user will be added to the admin group:
    # grep "^admin" /etc/group
    admin:x:115:pavol
    

    and in the sudoers file there is an entry saying that any user in the admin group can run any command on any host as any user:
    # grep "admin" /etc/sudoers
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    

    So if you are in this group, you don't have to add a new entry for your user and the userdel command.

    However, if you create a new user, he/she won't be in the admin group by default and won't be able to run the userdel command without a proper entry in the sudoers file:
    # adduser tester
    # adduser to_be_deleted
    # su - tester
    
    $ /usr/sbin/userdel to_be_deleted
    userdel: cannot lock /etc/passwd; try again later.
    
    $ sudo /usr/sbin/userdel to_be_deleted
    tester is not in the sudoers file.  This incident will be reported.
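
Added example, not part of the thread: a simplified Python check of which users the two sudoers rules quoted above allow to run a command through sudo. The name `alice` is a placeholder for the asker's "user name", the sample data is constructed from the lines in the comments, and the parser is a deliberate simplification of sudoers syntax.

```python
import re

# Constructed sample data mirroring the thread. "alice" is a placeholder for
# the asker's "user name"; pavol and tester come from the last comment.
SUDOERS = """\
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
alice ALL = /usr/sbin/userdel
"""
GROUP = "admin:x:115:pavol\n"

# who  host = [(runas)] command[, command...]
SPEC = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")


def parse_groups(text):
    """Map group name -> set of members from /etc/group-style text."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 4:
            groups[fields[0]] = {m for m in fields[3].split(",") if m}
    return groups


def sudo_allows(user, command, sudoers=SUDOERS, group=GROUP):
    """True if some user spec lets `user` run `command` as root through sudo.

    Simplified on purpose: no aliases, Defaults, includes, negation,
    wildcards or host matching other than ALL.
    """
    groups = parse_groups(group)
    for raw in sudoers.splitlines():
        m = SPEC.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # comment, blank line or unsupported syntax
        who, host, runas, cmds = m.groups()
        if who.startswith("%"):          # %group entry: check membership
            in_scope = user in groups.get(who[1:], ())
        else:                            # plain user entry
            in_scope = who == user
        # No (runas) part means root; "(ALL:ALL)" keeps only the user half.
        runas_list = [r.strip() for r in (runas or "root").split(":")[0].split(",")]
        cmd_list = [c.strip() for c in cmds.split(",")]
        if (in_scope and host == "ALL"
                and ("ALL" in runas_list or "root" in runas_list)
                and ("ALL" in cmd_list or command in cmd_list)):
            return True
    return False
```

On a real system, `sudo -l -U <user>` run as root reports the rules sudo actually applies to that user.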
    
