0
I'm using Arch Linux. I have a few directories that I don't want any user access to. So I've kept it locked with access to sudo only.
I have a user "alarm". I don't want "alarm" to access those files, so the user can't run sudo. BUT, I want him be able to switch networks, user netctl.
How do I give him those permissions?
Dushyant Bangal
Posted 2016-08-03T07:45:01.837
Reputation: 105
0
When you refer to giving user a permission to run sudo you usually think of giving him permissions to run any command on behalf of the user root. Butsudoersfile allows much more detailed configuration options that can give permissions to run only one particular command withroot` permissions.
For example add the following to the sudoers file (using visudo):
alarm ALL=(ALL) NOPASSWD: /usr/bin/netctl start wlan0-ssid
to limit the scope of sudo for user alarm just to one specific command with a specified argument: /usr/bin/netctl start wlan0-ssid. It will not give this user any more permissions and he won't be able to access any files (as it would required running other commands which are not specified).
Add more lines and customise them to fit your configuration.
techraf
Posted 2016-08-03T07:45:01.837
Reputation: 4 428
But he would get access to my files that are for sudo access only, right? – Dushyant Bangal – 2016-08-03T10:42:43.087
No, user
alarmwould only be able to run the specified command. There is no such thing as "files for sudo access" anyway. – techraf – 2016-08-03T10:50:10.427Is something like this possible without sudo? – Dushyant Bangal – 2016-08-03T11:10:30.697
That's what sudo was built for. What problem are you trying to solve? – techraf – 2016-08-03T11:12:13.177
actually i need to restrict access to some files. the whole system is on RPi. So if someone screws the sudoers file by plugging in SD card to PC, I'm screwed – Dushyant Bangal – 2016-08-03T11:31:48.457