1
How can I let a user U to run a command /usr/bin/C as a member of a group G (while he does not belong to the group G), using sudoers on Debian Wheezy?
1
How can I let a user U to run a command /usr/bin/C as a member of a group G (while he does not belong to the group G), using sudoers on Debian Wheezy?
1
Given:
U = an user G = a group to which user doesn't belong C = a command M = the machine
if you've got the line:
U M=:G C
so if you want user 'test' launch command 'touch' as group 'whatever' on machine 'aserver' you should add:
test aserver=(:whatever) /usr/bin/touch
in sudoers, then you'll be able to launch touch as group whatever via:
sudo -g whatever touch mytestfile
In my case command C is /usr/bin/nautilus-sendto which is normally called by a user through GUI (Nautilus), in order for things to remain transparent for the user I have to avoid using command line (
sudo -g whatever touch mytestfile
). So is there a way to make it transparent? – user1876484 – 2013-08-08T10:17:05.047@user1876484 - should this be
U M=:G C
andtest aserver=:whatever /usr/bin/touch
orU M=(:G) C
andtest aserver=(:whatever) /usr/bin/touch
? – user1876484 – 2013-08-08T10:30:17.4931the set should be:
user machine=(:group) command – user1293137 – 2013-08-08T10:39:48.720
@user1876484 - what about my first comment - how to make it Gnome-transparent. I thought to substitute the original /usr/bin/nautilus-sendto with a bash script that will have
sudo -g floppy /usr/bin/nautilus-sendto.original $1
inside. But the problem is sudo wants to check the password of user - is there a way to force sudo to run the program without asking for password? Or maybe you have another workaround to make this Gnome-transparent? – user1876484 – 2013-08-08T12:56:55.100Wops, sorry: just saw your comment. NOPASSWD: flag before command alias should do the job:
User Machine=(:Group) NOPASSWD: Command – user1293137 – 2013-08-20T07:59:45.303