LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   User permitted to run command,execute program as root and after execution, exit root (https://www.linuxquestions.org/questions/linux-newbie-8/user-permitted-to-run-command-execute-program-as-root-and-after-execution-exit-root-4175539860/)

vjlxmi 04-16-2015 03:46 AM
User permitted to run command,execute program as root and after execution, exit root
 
when a command is typed(i.e. /path/to/the/program), as a normal user, he should be able to run that command , execute that program as ROOT and log out root after the execution is completed.
Only one user should be able to do it.
Hence, I have created a new user vj and added the following command in visudo:
Code:
vj ALL=(ALL) NOPASSWD: /path/to/the/program
Now user vj will be able to typein the command.

What I need is that the program which is been called must run as if it is run by a root user,and when the program is completely executed, exit the root user.

How do I proceed?

pan64 04-16-2015 04:15 AM
that is the command sudo:
sudo /path/to/the/program
That's why you used visudo to modify configuration.

vjlxmi 04-16-2015 04:45 AM
Quote:
vj ALL=(ALL) NOPASSWD: /path/to/the/program
The above command will allow the user to call the program, but if there are n other things that are being executed inside the original program.
The user vj has no rights to execute them. So, do I explicitly have to allow the user to execute the n number of commands?

TobiSGD 04-16-2015 04:51 AM
Quote:
Originally Posted by vjlxmi (Post 5348195)
The above command will allow the user to call the program, but if there are n other things that are being executed inside the original program.
The user vj has no rights to execute them. So, do I explicitly have to allow the user to execute the n number of commands?
No, if that program starts other programs those other programs inherit the privilege of the program that started them. No further configuration is needed. For security, make sure that those other programs that are started are trusted and that the user can't use them to alter the configuration of the sudo program.

vjlxmi 04-16-2015 05:50 AM
I have called "ifup eth0" in the program, and it gives me an error
Quote:
Users cannot control this device.

TobiSGD 04-16-2015 06:08 AM
you have to call the program using sudo:
Code:
sudo ifup eth0

vjlxmi 04-16-2015 06:16 AM
So, it means that if I add the user to visudo and then run it, it should not give me an error.
Adding it to visudo is as good as writing sudo before the command right?

pan64 04-16-2015 06:18 AM
vi is an editor, visudo means edit the configuration file of sudo (see: man visudo).

"Adding to visudo" is exaclty the same as "writing sudo rights".

TobiSGD 04-16-2015 06:22 AM
Quote:
Originally Posted by vjlxmi (Post 5348221)
So, it means that if I add the user to visudo and then run it, it should not give me an error.
Adding it to visudo is as good as writing sudo before the command right?
No, visude and sudo have to be used in conjunction. You use visude to tell the sudo program which user can run specific programs as root. To actually do that you have to put sudo in front of those programs.

vjlxmi 04-16-2015 06:29 AM
But when I add this command to the visudo it gives me an error :(
Quote:
command:
vj ALL = (ALL) NOPASSWD: /sbin/ifup eth0, /sbin/ifdown eth0
Quote:
error:
visudo: >>> /etc/sudoers: syntax error near line 122 <<<

vjlxmi 04-16-2015 06:34 AM
@TobiSGD I think I got it. U mean that I should add ifup and ifdown in viduso and should write sudo /sbin/ifup in the program where I am calling it right?

TobiSGD 04-16-2015 07:29 AM
Quote:
Originally Posted by vjlxmi (Post 5348233)
@TobiSGD I think I got it. U mean that I should add ifup and ifdown in viduso and should write sudo /sbin/ifup in the program where I am calling it right?
Exactly.

vjlxmi 04-17-2015 06:30 AM
It's working.. thankyou :)


All times are GMT -5. The time now is 01:46 AM.