Installing Packages as Another User with Sudo
On Sun, Jul 15, 2018 at 9:28 AM Ricardo Grant <rgrant at laurentian.ca> wrote:
> Hello Tom, thanks for replying.
> Aptitude has a cli interface as well as an ncurses based one for interactive package management.
> So after running aptitude, under the action menu there is the option to become root.
> No it is a user. Also after learning more I realize the root is not needed there.
> No that had to be fixed, thanks. Although trying to "nest" privileges actually does't work.
> The idea was that one user is delegated to installing packages on my system, as well as some other ideas that I can't quite explain...
> Anyways, I realize that it's probably best to follow your example.
> Thanks again.
> On 15 July 2018 at 02:34, Tom H <tomh0665 at gmail.com> wrote:
>> On Sat, Jul 14, 2018 at 1:17 AM Ricardo Grant <rgrant at laurentian.ca> wrote:
>>> I have been trying and failing to set up the sudoers file so that I
>>> can run apt/dpkg/etc as another user without sudo (root) access. Here
>>> is a snippet:
>>> # Restrict the user "packager" to only installing packages on this
>>> # machine
>>> packager home = NOPASSWD: (root) /usr/bin/apt, (root)
>>> /usr/bin/aptitude, (root) /usr/bin/dpkg
>>> # Allow users to install packages via "packager"
>>> granttrec home = (packager) /usr/bin/apt, (packager) /usr/bin/aptitude
>>> The user packager was created as a system user and belongs to nogroup,
>>> I tried adding thi user to the sudo group but no effect, the command I
>>> am trying to run is:
>>> sudo -u packager sudo aptitude install ...
>>> Also If I enter aptitude, I can become root without a sudo promt.
>> 1) What does "enter aptitude" mean?
>> 2) I assume that "grantrec" is a group. If it is, you'll need "%grantrec".
>> 3) Don't add "packager" to the "sudo" group or the "grantrec"
>> members'll be able to run any command as "root".
>> 4) Are you sure that you can put "NOPASSWD:" before the systemname?
>> I'm not familiar with allowing multiple commands without an alias so
>> maybe. But, AFAIR, comes just before a command.
>> 5) Why do you need "packager"? You can give the "grantrec" members
>> direct access:
>> Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get,
>> %grantrec home = (root) INST
If you really want to have your users sudo to "packager" and have
"packager" perform the install,this might work:
Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get,
packager home = (root) NOPASSWD: INST
%grantrec home = (packager) ALL
[ with the users allowed to install/uninstall in the "grantrec" group ]