git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Installing Packages as Another User with Sudo


Hello Tom, thanks for replying.

1:
Aptitude has a cli interface as well as an ncurses based one for
interactive package management.
So after running aptitude, under the action menu there is the option to
become root.

2:
No it is a user. Also after learning more I realize the root is not needed
there.

3:
No that had to be fixed, thanks. Although trying to "nest" privileges
actually does't work.

4:
The idea was that one user is delegated to installing packages on my
system, as well as some other ideas that I can't quite explain...
Anyways, I realize that it's probably best to follow your example.

Thanks again.

On 15 July 2018 at 02:34, Tom H <tomh0665 at gmail.com> wrote:

> On Sat, Jul 14, 2018 at 1:17 AM Ricardo Grant <rgrant at laurentian.ca>
> wrote:
> >
> > I have been trying and failing to set up the sudoers file so that I
> > can run apt/dpkg/etc as another user without sudo (root) access. Here
> > is a snippet:
> >
> > # Restrict the user "packager" to only installing packages on this
> > # machine
> > packager home = NOPASSWD: (root) /usr/bin/apt, (root)
> > /usr/bin/aptitude, (root) /usr/bin/dpkg
> >
> > # Allow users to install packages via "packager"
> > granttrec home = (packager) /usr/bin/apt, (packager) /usr/bin/aptitude
> >
> > The user packager was created as a system user and belongs to nogroup,
> > I tried adding thi user to the sudo group but no effect, the command I
> > am trying to run is:
> >
> > sudo -u packager sudo aptitude install ...
> >
> > Also If I enter aptitude, I can become root without a sudo promt.
>
> 1) What does "enter aptitude" mean?
>
> 2) I assume that "grantrec" is a group. If it is, you'll need "%grantrec".
>
> 3) Don't add "packager" to the "sudo" group or the "grantrec"
> members'll be able to run any command as "root".
>
> 4) Are you sure that you can put "NOPASSWD:" before the systemname?
> I'm not familiar with allowing multiple commands without an alias so
> maybe. But, AFAIR, comes just before a command.
>
> 5) Why do you need "packager"? You can give the "grantrec" members
> direct access:
>
> Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get,
> /usr/bin/dpkg
>
> %grantrec home = (root) INST
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/ubuntu-users
>



-- 
*Ricardo Grant*
Computer Science Student, Laurentian University
P: 705 698 2961
E: rgrant at laurentian.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20180715/03047e5d/attachment.html>