Re: [Fwd: [Fwd: [sudo-users] Config sudo for installation]]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mikkel L. Ellertson wrote:
edwardspl@xxxxxxxxxx wrote:
  
Mikkel L. Ellertson wrote:
    
edwardspl@xxxxxxxxxx wrote:
  
      
Dear All,

How can we config sudores, then assign a user ( without root ) to running the following :
Install source code package, include the command of tar, configure, make and make install.

Edward.

    
        
You would only need sudo for the make install command - you can do
the rest as a normal user. (At least for almost all packages...) I
have not tried it, but I suspect that if you created a group called
install, and put a rule something like this in /etc/sudoers:

%install	localhost=make install

You could also use something like thins if you do not want it to be
limited to users at the console:

%install	ALL=make install

If you do not want the user asked for his password when running the
command, you can add "NOPASSWD: ALL" at the end.

Mikkel
  
      
Hello Mikkel,

Sorry, I don't quite understanding your means...
I just want a sample for installing source code packages ( how to use
the command of configure / make / make install ) ?

For my config of sudores :

User_Alias    ADMIN = admin

ADMIN    HOST = NOPASSWD: /bin/tar

Edward.

    
I am surprised that that works. Shouldn't the format be:

ADMIN	HOST = /bin/tar		NOPASSWD: ALL

But you do not need to be root to install the source code. If you
are installing it in your home directory, you can run tar as a
normal user. You should be able to do all the steps except
installing the software as a normal user. I do it all time when
building from source. I also build RPMs as a normal user, and then
install them as root.

If HOST is an alias for the hosts you want to be able to run the
command as, try this:

ADMIN	HOST = /usr/bin/make install	NOPASSWD: ALL

If it isn't, then try:

ADMIN	localhost = /usr/bin/make install	NOPASSWD: ALL

or

admin	localhost = /usr/bin/make install	NOPASSWD: ALL

Just remember, if admin really tries, he/she can run any command
they can put in the make file in the install section, or install any
kind of suid program they want to. It would not be hard to use this
to get full root access to the system. That is one reason to limit
where it can be run from, and who can run it!

Mikkel
  
Hello,

If so, do you means ( config of sudoers ) :
ADMIN	HOST = /bin/tar, /usr/bin/make install	NOPASSWD: ALL

or

ADMIN	localhost = /bin/tar, /usr/bin/make install	NOPASSWD: ALL

BYW, if the ADMIN is admin, then :

run command of "sudo /bin/tar file-name-packages" or "sudo tar file-name-packages" is okay ?

And

run command of "sudo /usr/bin/make install file-name-packages" or "sudo make install file-name-packages" is okay ?

Edward.

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux