# Any idea about "security/sudo" ?



## anti (Feb 21, 2010)

Hello

I have installed "sudo", but I don't know how I can use it to give a user some root privileges.


----------



## Nightweaver (Feb 21, 2010)

Just type *visudo* as root and read through the file. That should give you all the info you need for starters.


----------



## spoon (Feb 21, 2010)

`ee /usr/local/etc/sudoers`

Look for:

```
# User privilege specification
root    ALL=(ALL) ALL
```
Below the root line add:

```
you	ALL=(ALL) ALL
```
Replace "you" with your username. You can find more info in man sudo, because I'm no expert...in anything.


----------



## anti (Feb 21, 2010)

spoon said:

> `ee /usr/local/etc/sudoers`
> 
> look for:
> 
> ...



I have added: `www ALL=(ALL) ALL`

and I wrote a PHP page with this code


```
<?php
system("reboot");
?>
```

But still no effect from this function!!
Any idea?


----------



## anti (Feb 21, 2010)

Nightweaver said:

> Just type *visudo* as root and read through the file. That should give you all the info you need for starters



I'll try


----------



## tkjacobsen (Feb 21, 2010)

Well, I answered you in the other post! http://forums.freebsd.org/showthread.php?t=11510

* Type visudo
* Add a line:

```
www    localhost = NOPASSWD: /sbin/reboot
```
* execute the command as 

```
sudo /sbin/reboot
```
which means you have to type the following in your php:

```
system("sudo /sbin/reboot");
```

EDIT:
Using

```
www        ALL=(ALL) NOPASSWD: ALL
```
would also work, but it's the worst idea in the world to allow the www user to execute with root privileges and no password. At least the line above will only allow for reboot.


Best regards


----------



## anti (Feb 22, 2010)

Hello tkjacobsen, a lot of thanks for your support, but the problem still exists. This message appears when I execute my PHP code.

```
www : user NOT authorized on host ; TTY= unknown ; PWD=/usr/local/www/apache22/data; USER=root ; COMMAND=/sbin/reboot
```


----------



## sixtydoses (Feb 22, 2010)

```
www    localhost = NOPASSWD: /sbin/reboot
```

Substitute localhost with your hostname or 'ALL'.


----------
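The host-field mismatch diagnosed in this thread and the `NOPASSWD: ALL` rule tkjacobsen warns against, as a small sudoers rule check in Python. This is an added example, not code from any poster; `audit_rule`, the `service_users` default and the host name `web1.example.org` are assumptions, and only literal host names and `ALL` are interpreted.

```python
import re

# One-line user specification: user host = [(runas)] [NOPASSWD:] cmd[, cmd...]
# Simplification: literal host names and ALL only; aliases, netgroups,
# IP addresses, wildcards and line continuations are not interpreted.
SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<nopasswd>NOPASSWD:\s*)?(?P<cmds>.+)$"
)

def audit_rule(line, hostname, service_users=("www",)):
    """Return findings (strings prefixed with a code) for one sudoers rule."""
    m = SPEC.match(line.strip())
    if m is None:
        return ["UNPARSED: not a simple 'user host = commands' rule"]
    findings = []
    host, short = m["host"], hostname.split(".")[0]
    # The host field must name this machine (or be ALL) for the rule to apply.
    if host != "ALL" and host not in (hostname, short):
        findings.append(
            f"HOST_MISMATCH: rule is for host '{host}', machine is "
            f"'{hostname}'; sudo logs 'user NOT authorized on host'")
    # A service account should be limited to the binaries it needs.
    if m["user"] in service_users:
        cmds = [c.strip() for c in m["cmds"].split(",")]
        if "ALL" in cmds:
            how = "without a password" if m["nopasswd"] else "with a password"
            findings.append(
                f"ALL_COMMANDS: service account '{m['user']}' may run any "
                f"command {how}; list the needed binaries instead")
    return findings

# Rules quoted in the thread; the host name is constructed for the example.
RULES = [
    "www    localhost = NOPASSWD: /sbin/reboot",
    "www        ALL=(ALL) NOPASSWD: ALL",
    "www    ALL = NOPASSWD: /sbin/reboot",
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule)
        for finding in audit_rule(rule, "web1.example.org") or ["OK"]:
            print("   ", finding)
```
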



## sniper007 (Feb 27, 2010)

Can I edit `/usr/local/etc/sudoers` with emacs?


----------



## DutchDaemon (Feb 27, 2010)

Tried `export EDITOR=emacs ; visudo` or similar?


----------



## sniper007 (Feb 27, 2010)

Cool

I didn't know that visudo uses the $EDITOR environment

Thanks


----------



## phoenix (Mar 1, 2010)

When in doubt, always check the visudo(8) man page.  


```
There is a hard-coded list of editors that visudo will use set at
       compile-time that may be overridden via the editor sudoers Default
       variable.  This list defaults to the path to vi(1) on your system, as
       determined by the configure script.  Normally, visudo does not honor
       the VISUAL or EDITOR environment variables unless they contain an
       editor in the aforementioned editors list.  However, if visudo is
       configured with the --with-enveditor option or the env_editor Default
       variable is set in sudoers, visudo will use any the editor defines by
       VISUAL or EDITOR.  Note that this can be a security hole since it
       allows the user to execute any program they wish simply by setting
       VISUAL or EDITOR.
```


----------

