Openhab2 - Linux Script

visudo -f sudoers

Or just run visudo to edit the default file.

A best practice followed by some is instead of editing default files like this to instead create a file in sudoers.d. This prevents your edits from being wiped out when sudo gets updated.

However, just focus on getting back to normal now. Worry about best practices when you have time. Just remember if it stops working sometime in the future for some unknown reason it might be because your changes got wiped out during an update.

Oh I like that idea…awesome!

Here is the only change I put into the file:

Also, I notice a file called sudoers.save; should that be there? I didn’t notice it before

This was created by the nano editor when you used nano to edit the /etc/sudoers file (wrongly :wink:) (*.save = a nano emergency file where its buffer gets dumped)

If your /etc/sudoers file is back to normal and all is working ok, you can safely delete the /etc/sudoers.save file

Is everything ok now? :slight_smile:

Unsure if it is “ok” now.
I mean I’m not locked out of sudo anymore by having that joe file dumped into the sudoers.d directory. That was a fun learning experience I’ll never repeat.

That file should work I assume based on everything I’ve read, but I still can’t run the script through openhab.
Based on the openhab log it seems like it runs it.

But it never reboots.

Perform some sudo based commands to see if your system is responding correctly.

Check also the privileges for the openhab user using list mode:

sudo --list -U openhab

Then, you can see what is the output of the command by running it as the openhab user in the current root session:

sudo --user=openhab reboot

This will try to run the reboot command as the user openhab

By the way, (for future reference): It didn’t work because: You set the owner of the script file to the openhab user. This means that it would run with the openhab user privileges even if another user executed it (this is the purpose of the setuid). That’s why I mentioned that you should change the owner to root for this file.

Still didn’t work:
Here’s the output:

I changed the owner and added the setbit back

Here’s the manual run again after all of that:

PolicyKit errors, hmmmmmm.

What Linux are we running here?

PolicyKit is an alternative method for allowing non-privileged users to execute privileged commands. In addition to or instead of just giving permission to openhab in sudoers you need to update the PolicyKit policy to allow it as well.

I’ve never done this but surely there is a tutorial out there somewhere…

I think that the output of the script will show the same PolicyKit errors…

What is the output of:

sudo --user=openhab /etc/openhab2/ShutDown.sh

?

Ubuntu 16.04

I tried to run that, but it won’t take the openhab password. I type in the default openhab pw but it doesn’t work.

Do you have a sudo inside your ShutDown.sh script? If so, as I suspect, this means that your sudoers is still not configured to allow openhab to sudo without a password.

Yes it has sudo in the script. Here’s the sudoers file:

That looks right to me.

Maybe try using /sbin/shutdown -r now. It probably won’t work but I have no further ideas.

You can change the password of the Linux openhab user by:

passwd openhab

The default habopen password for the username openhab applies to the Karaf console access.

I’m wary to change the default openhab pw; rather leave it intact.
I can try changing the script to shutdown and the sudoers file to /shutdown later and see what happens.

If that doesn’t work, perhaps it’s not in the cards for me.

There is always a way but it needs trial and error.
It is not easy (and it should not be) to give elevated privileges (like reboot) to a regular Linux user… Imagine having a multi-user environment where people have multiple files open and processes running and 1 user issues the reboot command :slight_smile:

I added
openhab ALL=NOPASSWD: /sbin/shutdown
to the sudoers file

I edited the script file to:
sudo shutdown -r

retried…no dice

won’t run from openhab
running from cmd line yields this:

Yep. It is PolicyKit that is preventing the openhab user from doing anything. We can edit sudoers all day but if the policy in policykit doesn’t get updated to allow it openhab will simply never be able to run those commands.

Interestingly enough I was going to try to “manage policy kit” with this link:

etc/polkit-1/localauthority

but it doesn’t look like it’s even installed
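
The sudoers.d drop-in suggested earlier in this thread can be installed without risking another sudo lockout by syntax-checking a staged copy before it reaches the directory. This is an added example, not code from any poster in the thread; the function names and the drop-in name openhab-shutdown are assumptions, and the rule is the one quoted above.

```bash
# Added example (hypothetical helper names): safe install of a sudoers drop-in.

# sudo skips files in sudoers.d whose names contain '.' or end in '~',
# so editor backups such as sudoers.save are never parsed from there.
valid_dropin_name() {
  case "$1" in
    ''|*.*|*~|*/*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build one NOPASSWD rule. sudoers requires a fully qualified command path.
build_rule() {  # build_rule USER /abs/command
  case "$2" in
    /*) printf '%s ALL=NOPASSWD: %s\n' "$1" "$2" ;;
    *)  echo "command must be an absolute path: $2" >&2; return 1 ;;
  esac
}

# Stage the rule in a temp file, check it with visudo, then install it.
install_dropin() {  # install_dropin NAME USER /abs/command [DIR]
  local name="$1" user="$2" cmd="$3" dir="${4:-/etc/sudoers.d}" tmp rule
  valid_dropin_name "$name" || { echo "sudo would ignore '$name'" >&2; return 1; }
  rule=$(build_rule "$user" "$cmd") || return 1
  tmp=$(mktemp) || return 1
  printf '%s\n' "$rule" > "$tmp"
  # -c only checks syntax; -f points visudo at the staged file.
  if ! visudo -cf "$tmp" >/dev/null; then
    echo "syntax check failed, nothing installed" >&2
    rm -f "$tmp"; return 1
  fi
  # root:root and mode 0440 is the conventional ownership for sudoers files.
  install -o root -g root -m 0440 "$tmp" "$dir/$name"
  rm -f "$tmp"
}

# Usage (as root), then confirm what sudo actually grants:
#   install_dropin openhab-shutdown openhab /sbin/shutdown
#   sudo --list -U openhab
```

A broken rule never reaches /etc/sudoers.d this way, so a typo cannot take sudo down for every user.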