LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-10-2011, 07:13 AM   #1
gujedan
Member
 
Registered: Oct 2010
Posts: 121

Rep: Reputation: 1
allow normal user to exec some root commands w/o sudo


what do I add to visudo? the sudo manual is kind of cryptic..
 
Old 11-10-2011, 07:38 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by gujedan View Post
what do I add to visudo?
To "allow normal user to exec some root commands w/o sudo"? Nothing. What is it that you are trying to do? What exact command will be used?
 
Old 11-10-2011, 07:41 AM   #3
gujedan
Member
 
Registered: Oct 2010
Posts: 121

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by unSpawn View Post
To "allow normal user to exec some root commands w/o sudo"? Nothing. What is it that you are trying to do? What exact command will be used?
example: I want to execute 'halt' as a normal user w/o sudo.
 
Old 11-10-2011, 08:17 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Quote:
Originally Posted by gujedan View Post
I want to execute 'halt' as a normal user
Only root should do that. Why would you allow unprivileged users to shut down the machine?
 
Old 11-10-2011, 08:23 AM   #5
gujedan
Member
 
Registered: Oct 2010
Posts: 121

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by unSpawn View Post
Only root should do that. Why would you allow unprivileged users to shut down the machine?
can we just skip the part where we spend an hour talking about my motives to do it and get to the part where you either answer, I give you some rep and mark the thread as solved or you move away of this thread if you don't know the answer.

Last edited by colucix; 11-10-2011 at 09:51 AM. Reason: Removed inappropriate language
 
1 members found this post helpful.
Old 11-10-2011, 08:28 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
On most systems, a quick press of the power switch will shut down the system. If the desktop is used, they can select shutdown from the menu.

If your system uses polkit, there are several shutdown policies:
org.freedesktop.hal.power-management.shutdown
org.freedesktop.hal.power-management.shutdown-multiple-sessions
org.freedesktop.hal.power-management.reboot
org.freedesktop.hal.power-management.reboot-multiple-sessions

Also try reading the sudoers man page instead of the sudo manpage. It has examples.
 
Old 11-10-2011, 08:52 AM   #7
gujedan
Member
 
Registered: Oct 2010
Posts: 121

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by jschiwal View Post
On most systems, a quick press of the power switch will shut down the system. If the desktop is used, they can select shutdown from the menu.
I just brought the halt command as an example. This thread is about making a currently root-only command available to the standard user. I don't need advice on how to shut down my computer.

Quote:
Originally Posted by jschiwal View Post
Also try reading the sudoers man page instead of the sudo manpage. It has examples.
Tried that and am still trying, but it is qualifies as the most cryptic, confusing and incoherent manual I've ever read, which is why this thread exists.

Last edited by gujedan; 11-10-2011 at 09:01 AM.
 
Old 11-10-2011, 09:53 AM   #8
gujedan
Member
 
Registered: Oct 2010
Posts: 121

Original Poster
Rep: Reputation: 1
Code:
Cmnd_Alias     HALT = /usr/sbin/halt
myusername ALL=NOPASSWD: HALT
halt w/o giving pass for sudo, sufficient enough for now.
 
Old 11-10-2011, 09:58 AM   #9
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976Reputation: 1976
Quote:
Originally Posted by unSpawn
Only root should do that. Why would you allow unprivileged users to shut down the machine?
Quote:
Originally Posted by gujedan View Post
can we just skip the part where we spend an hour talking about my motives to do it and get to the part where you either answer, I give you some rep and mark the thread as solved or you move away of this thread if you don't know the answer.
unSpawn here is one of the members with an invaluable expertise about Linux security. His advice was concerned to the security of your system. I also manage a HPC network in my lab where no user is allowed to shutdown anything, since the CPUs work on a 24/7 basis. That's a good advice in my humble opinion and he didn't deserve such a rude reply. Nuff' said.
 
Old 11-10-2011, 11:42 AM   #10
akuthia
Member
 
Registered: Oct 2007
Location: triad, nc, usa
Distribution: Ubuntu
Posts: 232

Rep: Reputation: 29
"ignore my motives" is always a great cover up for "I'm trying to do something nefarious"
 
Old 11-10-2011, 05:20 PM   #11
kbscores
Member
 
Registered: Oct 2011
Location: USA
Distribution: Red Hat
Posts: 259
Blog Entries: 9

Rep: Reputation: 32
I know this was solved but I figured I'd add an alternative. If you want a specific group of people to run something as root...
Code:
Cmnd_Alias MYCMDS = /usr/bin/halt, /path/cmd
Runas_Alias ADMIN_ALIAS = root
groupname       ALL=(ADMIN_ALIAS)     NOPASSWD:  MYCMDS

Last edited by kbscores; 11-10-2011 at 05:40 PM.
 
Old 11-10-2011, 11:42 PM   #12
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,753

Rep: Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288Reputation: 1288
Hi,

Quote:
Originally Posted by unSpawn View Post
Only root should do that. Why would you allow unprivileged users to shut down the machine?
I think there are valid reasons. Note that with this setup you can allow a somewhat trusted user to cleanly shutdown
the machine, without giving them full root permission.

For example, I usually setup my laptops like this. I don't use a gui that provides a way to
shutdown the machine, so allowing myself to simply run
Code:
sudo halt
when I want to shut it down is fairly convenient.

Cheers,

Evo2.
 
Old 11-11-2011, 12:16 AM   #13
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,613

Rep: Reputation: 433Reputation: 433Reputation: 433Reputation: 433Reputation: 433
Quote:
unSpawn here is one of the members with an invaluable expertise about Linux security. His advice was concerned to the security of your system..... That's a good advice in my humble opinion and he didn't deserve such a rude reply.

I second the motion.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] normal user, shutdown-dialog.sh with no sudo... linus72 Slackware 4 08-04-2010 07:10 PM
How to make a normal user execute commands of the super user's .?.. siranjeevi Linux - Server 1 07-03-2010 04:51 AM
Need to mount as normal user, using sudo? SlowCoder Linux - General 2 08-26-2007 07:52 PM
ambiguous redirect when running a script in /root/bin with sudo as normal user chadwick Linux - General 2 06-01-2007 10:57 AM
SuSE93 Root password rejected from normal user mode (No Sudo, No YaST) Peacepunk SUSE / openSUSE 2 02-11-2007 07:34 PM


All times are GMT -5. The time now is 02:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration