Re: [Fwd: [Fwd: [sudo-users] Config sudo for installation]]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



edwardspl@xxxxxxxxxx wrote:
> Mikkel L. Ellertson wrote:
>> edwardspl@xxxxxxxxxx wrote:
>>   
>>> Dear All,
>>>
>>> How can we config sudores, then assign a user ( without root ) to running the following :
>>> Install source code package, include the command of tar, configure, make and make install.
>>>
>>> Edward.
>>>
>>>     
>> You would only need sudo for the make install command - you can do
>> the rest as a normal user. (At least for almost all packages...) I
>> have not tried it, but I suspect that if you created a group called
>> install, and put a rule something like this in /etc/sudoers:
>>
>> %install	localhost=make install
>>
>> You could also use something like thins if you do not want it to be
>> limited to users at the console:
>>
>> %install	ALL=make install
>>
>> If you do not want the user asked for his password when running the
>> command, you can add "NOPASSWD: ALL" at the end.
>>
>> Mikkel
>>   
> Hello Mikkel,
> 
> Sorry, I don't quite understanding your means...
> I just want a sample for installing source code packages ( how to use
> the command of configure / make / make install ) ?
> 
> For my config of sudores :
> 
> User_Alias    ADMIN = admin
> 
> ADMIN    HOST = NOPASSWD: /bin/tar
> 
> Edward.
> 
I am surprised that that works. Shouldn't the format be:

ADMIN	HOST = /bin/tar		NOPASSWD: ALL

But you do not need to be root to install the source code. If you
are installing it in your home directory, you can run tar as a
normal user. You should be able to do all the steps except
installing the software as a normal user. I do it all time when
building from source. I also build RPMs as a normal user, and then
install them as root.

If HOST is an alias for the hosts you want to be able to run the
command as, try this:

ADMIN	HOST = /usr/bin/make install	NOPASSWD: ALL

If it isn't, then try:

ADMIN	localhost = /usr/bin/make install	NOPASSWD: ALL

or

admin	localhost = /usr/bin/make install	NOPASSWD: ALL

Just remember, if admin really tries, he/she can run any command
they can put in the make file in the install section, or install any
kind of suid program they want to. It would not be hard to use this
to get full root access to the system. That is one reason to limit
where it can be run from, and who can run it!

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux