edwardspl@xxxxxxxxxx wrote: > Mikkel L. Ellertson wrote: >> edwardspl@xxxxxxxxxx wrote: >> >>> Dear All, >>> >>> How can we config sudores, then assign a user ( without root ) to running the following : >>> Install source code package, include the command of tar, configure, make and make install. >>> >>> Edward. >>> >>> >> You would only need sudo for the make install command - you can do >> the rest as a normal user. (At least for almost all packages...) I >> have not tried it, but I suspect that if you created a group called >> install, and put a rule something like this in /etc/sudoers: >> >> %install localhost=make install >> >> You could also use something like thins if you do not want it to be >> limited to users at the console: >> >> %install ALL=make install >> >> If you do not want the user asked for his password when running the >> command, you can add "NOPASSWD: ALL" at the end. >> >> Mikkel >> > Hello Mikkel, > > Sorry, I don't quite understanding your means... > I just want a sample for installing source code packages ( how to use > the command of configure / make / make install ) ? > > For my config of sudores : > > User_Alias ADMIN = admin > > ADMIN HOST = NOPASSWD: /bin/tar > > Edward. > I am surprised that that works. Shouldn't the format be: ADMIN HOST = /bin/tar NOPASSWD: ALL But you do not need to be root to install the source code. If you are installing it in your home directory, you can run tar as a normal user. You should be able to do all the steps except installing the software as a normal user. I do it all time when building from source. I also build RPMs as a normal user, and then install them as root. If HOST is an alias for the hosts you want to be able to run the command as, try this: ADMIN HOST = /usr/bin/make install NOPASSWD: ALL If it isn't, then try: ADMIN localhost = /usr/bin/make install NOPASSWD: ALL or admin localhost = /usr/bin/make install NOPASSWD: ALL Just remember, if admin really tries, he/she can run any command they can put in the make file in the install section, or install any kind of suid program they want to. It would not be hard to use this to get full root access to the system. That is one reason to limit where it can be run from, and who can run it! Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup!
