[SOLVED] allow normal user to exec some root commands w/o sudo

gujedan · 11-10-2011, 06:13 AM

what do I add to visudo? the sudo manual is kind of cryptic..

unSpawn · 11-10-2011, 06:38 AM

Quote:

Originally Posted by gujedan

what do I add to visudo?

To "allow normal user to exec some root commands w/o sudo"? Nothing. What is it that you are trying to do? What exact command will be used?

gujedan · 11-10-2011, 06:41 AM

Quote:

Originally Posted by unSpawn

To "allow normal user to exec some root commands w/o sudo"? Nothing. What is it that you are trying to do? What exact command will be used?

example: I want to execute 'halt' as a normal user w/o sudo.

unSpawn · 11-10-2011, 07:17 AM

Quote:

Originally Posted by gujedan

I want to execute 'halt' as a normal user

Only root should do that. Why would you allow unprivileged users to shut down the machine?

gujedan · 11-10-2011, 07:23 AM

Quote:

Originally Posted by unSpawn

Only root should do that. Why would you allow unprivileged users to shut down the machine?

can we just skip the part where we spend an hour talking about my motives to do it and get to the part where you either answer, I give you some rep and mark the thread as solved or you move away of this thread if you don't know the answer.

jschiwal · 11-10-2011, 07:28 AM

On most systems, a quick press of the power switch will shut down the system. If the desktop is used, they can select shutdown from the menu.

If your system uses polkit, there are several shutdown policies:
org.freedesktop.hal.power-management.shutdown
org.freedesktop.hal.power-management.shutdown-multiple-sessions
org.freedesktop.hal.power-management.reboot
org.freedesktop.hal.power-management.reboot-multiple-sessions

Also try reading the sudoers man page instead of the sudo manpage. It has examples.

gujedan · 11-10-2011, 07:52 AM

Quote:

Originally Posted by jschiwal

On most systems, a quick press of the power switch will shut down the system. If the desktop is used, they can select shutdown from the menu.

I just brought the halt command as an example. This thread is about making a currently root-only command available to the standard user. I don't need advice on how to shut down my computer.

Quote:

Originally Posted by jschiwal

Also try reading the sudoers man page instead of the sudo manpage. It has examples.

Tried that and am still trying, but it is qualifies as the most cryptic, confusing and incoherent manual I've ever read, which is why this thread exists.

gujedan · 11-10-2011, 08:53 AM

Code:

Cmnd_Alias     HALT = /usr/sbin/halt
myusername ALL=NOPASSWD: HALT

halt w/o giving pass for sudo, sufficient enough for now.

colucix · 11-10-2011, 08:58 AM

Quote:

Originally Posted by unSpawn

Only root should do that. Why would you allow unprivileged users to shut down the machine?

Quote:

Originally Posted by gujedan

can we just skip the part where we spend an hour talking about my motives to do it and get to the part where you either answer, I give you some rep and mark the thread as solved or you move away of this thread if you don't know the answer.

unSpawn here is one of the members with an invaluable expertise about Linux security. His advice was concerned to the security of your system. I also manage a HPC network in my lab where no user is allowed to shutdown anything, since the CPUs work on a 24/7 basis. That's a good advice in my humble opinion and he didn't deserve such a rude reply. Nuff' said.

akuthia · 11-10-2011, 10:42 AM

"ignore my motives" is always a great cover up for "I'm trying to do something nefarious"

kbscores · 11-10-2011, 04:20 PM

I know this was solved but I figured I'd add an alternative. If you want a specific group of people to run something as root...

Code:

Cmnd_Alias MYCMDS = /usr/bin/halt, /path/cmd
Runas_Alias ADMIN_ALIAS = root
groupname       ALL=(ADMIN_ALIAS)     NOPASSWD:  MYCMDS

evo2 · 11-10-2011, 10:42 PM

Hi,

Quote:

Originally Posted by unSpawn

Only root should do that. Why would you allow unprivileged users to shut down the machine?

I think there are valid reasons. Note that with this setup you can allow a somewhat trusted user to cleanly shutdown
the machine, without giving them full root permission.

For example, I usually setup my laptops like this. I don't use a gui that provides a way to
shutdown the machine, so allowing myself to simply run

Code:

sudo halt

when I want to shut it down is fairly convenient.

Cheers,

Evo2.

malekmustaq · 11-10-2011, 11:16 PM

Quote:

unSpawn here is one of the members with an invaluable expertise about Linux security. His advice was concerned to the security of your system..... That's a good advice in my humble opinion and he didn't deserve such a rude reply.

I second the motion.