
Installing Packages as Another User with Sudo


On Sat, Jul 14, 2018 at 1:17 AM Ricardo Grant <rgrant at laurentian.ca> wrote:
>
> I have been trying and failing to set up the sudoers file so that I
> can run apt/dpkg/etc as another user without sudo (root) access. Here
> is a snippet:
>
> # Restrict the user "packager" to only installing packages on this
> # machine
> packager home = NOPASSWD: (root) /usr/bin/apt, (root)
> /usr/bin/aptitude, (root) /usr/bin/dpkg
>
> # Allow users to install packages via "packager"
> granttrec home = (packager) /usr/bin/apt, (packager) /usr/bin/aptitude
>
> The user packager was created as a system user and belongs to nogroup,
> I tried adding this user to the sudo group but no effect, the command I
> am trying to run is:
>
> sudo -u packager sudo aptitude install ...
>
> Also if I enter aptitude, I can become root without a sudo prompt.

1) What does "enter aptitude" mean?

2) I assume that "grantrec" is a group. If it is, you'll need "%grantrec".

3) Don't add "packager" to the "sudo" group or the "grantrec"
members'll be able to run any command as "root".

4) Are you sure that you can put "NOPASSWD:" before the system name?
I'm not familiar with allowing multiple commands without an alias so
maybe. But, AFAIR, it comes just before a command.

5) Why do you need "packager"? You can give the "grantrec" members
direct access:

Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get, /usr/bin/dpkg

%grantrec home = (root) INST
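
The tag placement raised in point 4 and the direct grant from point 5, written out as a sudoers fragment. This is an added example, not part of either message; it assumes "granttrec" is a user account on the host "home" and reuses the alias name INST from the reply.

```sudoers
# Added example. Check a fragment for syntax errors before installing it:
#   visudo -cf /path/to/fragment

# sudoers grammar for a rule is
#   user host = (runas) TAG: command, command, ...
# The tag follows the Runas_Spec, and both the runas user and the tag
# carry over to the commands listed after them, so neither needs repeating.
Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get, /usr/bin/dpkg

# The "packager" rule from the original post with NOPASSWD: moved after
# the Runas_Spec:
packager   home = (root) NOPASSWD: INST

# Direct grant as suggested in the reply. granttrec is assumed to be a
# user here; write %granttrec instead if it is a group.
granttrec  home = (root) INST

# Note on the two-hop form "sudo -u packager sudo aptitude install ...":
# the command the outer sudo runs as packager is /usr/bin/sudo, so a rule
# that lists only apt and aptitude for (packager) does not match it.

# Treat INST as root-equivalent when deciding who receives it: installing
# a package runs its maintainer scripts as root.
```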