Let a user run a command as a member of a group he does not belong to, using `sudoers`

1

How can I let a user U run a command /usr/bin/C as a member of a group G (while he does not belong to the group G), using sudoers on Debian Wheezy?

user1876484

Posted 2013-08-08T09:42:49.967

Reputation: 123

Answers

1

Given:

- U = a user
- G = a group to which the user doesn't belong
- C = a command
- M = the machine

if you've got the line:

U M=:G C

so if you want user 'test' to launch command 'touch' as group 'whatever' on machine 'aserver', you should add:

test aserver=(:whatever) /usr/bin/touch

in sudoers, then you'll be able to launch touch as group whatever via:

sudo -g whatever touch mytestfile

user1293137

Posted 2013-08-08T09:42:49.967

Reputation: 222

In my case command C is `/usr/bin/nautilus-sendto`, which is normally called by a user through the GUI (Nautilus). In order for things to remain transparent for the user, I have to avoid using the command line (`sudo -g whatever touch mytestfile`). So is there a way to make it transparent? – user1876484 – 2013-08-08T10:17:05.047

@user1876484 - should this be `U M=:G C` and `test aserver=:whatever /usr/bin/touch`, or `U M=(:G) C` and `test aserver=(:whatever) /usr/bin/touch`? – user1876484 – 2013-08-08T10:30:17.493

The set should be:

user machine=(:group) command – user1293137 – 2013-08-08T10:39:48.720

@user1876484 - what about my first comment - how to make it Gnome-transparent? I thought to substitute the original `/usr/bin/nautilus-sendto` with a bash script that will have `sudo -g floppy /usr/bin/nautilus-sendto.original $1` inside. But the problem is sudo wants to check the password of the user - is there a way to force sudo to run the program without asking for a password? Or maybe you have another workaround to make this Gnome-transparent? – user1876484 – 2013-08-08T12:56:55.100

Whoops, sorry: just saw your comment. The `NOPASSWD:` flag before the command alias should do the job:

User Machine=(:Group) NOPASSWD: Command – user1293137 – 2013-08-20T07:59:45.303
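The rule form settled on in the comments and the wrapper idea raised there, as an added example that is not part of the original thread. It builds the `User Machine=(:Group) NOPASSWD: Command` line with input checks, flags the unparenthesised `M=:G` spelling, and prints a wrapper. The function names, the use of `sudo -n`, and passing `"$@"` instead of `$1` are choices of this example.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; sample values come from the thread.

# Build one rule in the form from the comments: User Machine=(:Group) NOPASSWD: Command
sudoers_rule() {  # args: user host group command
    # sudoers matches commands by full path, so refuse anything relative
    case $4 in /*) ;; *) echo "command must be an absolute path" >&2; return 1 ;; esac
    # refuse spaces, wildcards and other characters that would change the rule's meaning
    case "$1$2$3$4" in
        *[!A-Za-z0-9_./-]*) echo "unexpected character in rule field" >&2; return 1 ;;
    esac
    printf '%s %s=(:%s) NOPASSWD: %s\n' "$1" "$2" "$3" "$4"
}

# Classify the Runas part of a rule line; the group-only form needs "(:group)"
check_runas() {  # arg: one sudoers rule line
    case $1 in
        *'=(:'*')'*) echo ok ;;
        *'=:'*)      echo missing-parentheses ;;
        *)           echo no-group-runas ;;
    esac
}

# Print a wrapper that runs the real program under the target group.
# -n makes sudo fail instead of prompting, so a GUI caller never waits on a password;
# "$@" forwards every argument with its quoting intact.
wrapper_script() {  # args: group real_command
    printf '%s\n' '#!/bin/sh' "exec sudo -n -g $1 $2 \"\$@\""
}

# Constructed sample lines: the two spellings compared in the comments
for line in 'test aserver=:whatever /usr/bin/touch' \
            'test aserver=(:whatever) /usr/bin/touch'; do
    printf '%-20s %s\n' "$(check_runas "$line")" "$line"
done

# Rule and wrapper for the nautilus-sendto case (user and host reuse the answer's samples)
sudoers_rule test aserver floppy /usr/bin/nautilus-sendto.original
wrapper_script floppy /usr/bin/nautilus-sendto.original

# Before installing, save the rule to a file and check it: visudo -cf <file>
```

Because the rule carries `NOPASSWD:` and lists no arguments, any process running as that user can start the command under the group with arbitrary arguments, so keep the rule limited to the single full path.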