git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Installing Packages as Another User with Sudo


On Sun, Jul 15, 2018 at 9:28 AM Ricardo Grant <rgrant at laurentian.ca> wrote:
>
> Hello Tom, thanks for replying.
>
> 1:
> Aptitude has a cli interface as well as an ncurses based one for interactive package management.
> So after running aptitude, under the action menu there is the option to become root.
>
> 2:
> No it is a user. Also after learning more I realize the root is not needed there.
>
> 3:
> No that had to be fixed, thanks. Although trying to "nest" privileges actually does't work.
>
> 4:
> The idea was that one user is delegated to installing packages on my system, as well as some other ideas that I can't quite explain...
> Anyways, I realize that it's probably best to follow your example.
>
> Thanks again.
>
> On 15 July 2018 at 02:34, Tom H <tomh0665 at gmail.com> wrote:
>> On Sat, Jul 14, 2018 at 1:17 AM Ricardo Grant <rgrant at laurentian.ca> wrote:
>>>
>>> I have been trying and failing to set up the sudoers file so that I
>>> can run apt/dpkg/etc as another user without sudo (root) access. Here
>>> is a snippet:
>>>
>>> # Restrict the user "packager" to only installing packages on this
>>> # machine
>>> packager home = NOPASSWD: (root) /usr/bin/apt, (root)
>>> /usr/bin/aptitude, (root) /usr/bin/dpkg
>>>
>>> # Allow users to install packages via "packager"
>>> granttrec home = (packager) /usr/bin/apt, (packager) /usr/bin/aptitude
>>>
>>> The user packager was created as a system user and belongs to nogroup,
>>> I tried adding thi user to the sudo group but no effect, the command I
>>> am trying to run is:
>>>
>>> sudo -u packager sudo aptitude install ...
>>>
>>> Also If I enter aptitude, I can become root without a sudo promt.
>>
>> 1) What does "enter aptitude" mean?
>>
>> 2) I assume that "grantrec" is a group. If it is, you'll need "%grantrec".
>>
>> 3) Don't add "packager" to the "sudo" group or the "grantrec"
>> members'll be able to run any command as "root".
>>
>> 4) Are you sure that you can put "NOPASSWD:" before the systemname?
>> I'm not familiar with allowing multiple commands without an alias so
>> maybe. But, AFAIR, comes just before a command.
>>
>> 5) Why do you need "packager"? You can give the "grantrec" members
>> direct access:
>>
>> Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get,
>> /usr/bin/dpkg
>>
>> %grantrec home = (root) INST

You're welcome.

If you really want to have your users sudo to "packager" and have
"packager" perform the install,this might work:

Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get,
/usr/bin/dpkg

packager home = (root) NOPASSWD: INST

%grantrec home = (packager) ALL

[ with the users allowed to install/uninstall in the "grantrec" group ]




( ! ) Warning: include(msgfooter.php): failed to open stream: No such file or directory in /var/www/git/ubuntu-users/msg37789.html on line 145
Call Stack
#TimeMemoryFunctionLocation
10.0006368472{main}( ).../msg37789.html:0

( ! ) Warning: include(): Failed opening 'msgfooter.php' for inclusion (include_path='.:/var/www/git') in /var/www/git/ubuntu-users/msg37789.html on line 145
Call Stack
#TimeMemoryFunctionLocation
10.0006368472{main}( ).../msg37789.html:0