LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-16-2015, 04:46 AM   #1
vjlxmi
Member
 
Registered: Aug 2014
Posts: 38

Rep: Reputation: Disabled
User permitted to run command,execute program as root and after execution, exit root


when a command is typed(i.e. /path/to/the/program), as a normal user, he should be able to run that command , execute that program as ROOT and log out root after the execution is completed.
Only one user should be able to do it.
Hence, I have created a new user vj and added the following command in visudo:
Code:
vj ALL=(ALL) NOPASSWD: /path/to/the/program
Now user vj will be able to typein the command.

What I need is that the program which is been called must run as if it is run by a root user,and when the program is completely executed, exit the root user.

How do I proceed?
 
Old 04-16-2015, 05:15 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,104

Rep: Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267
that is the command sudo:
sudo /path/to/the/program
That's why you used visudo to modify configuration.
 
Old 04-16-2015, 05:45 AM   #3
vjlxmi
Member
 
Registered: Aug 2014
Posts: 38

Original Poster
Rep: Reputation: Disabled
Quote:
vj ALL=(ALL) NOPASSWD: /path/to/the/program
The above command will allow the user to call the program, but if there are n other things that are being executed inside the original program.
The user vj has no rights to execute them. So, do I explicitly have to allow the user to execute the n number of commands?

Last edited by vjlxmi; 04-16-2015 at 05:46 AM.
 
Old 04-16-2015, 05:51 AM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Quote:
Originally Posted by vjlxmi View Post
The above command will allow the user to call the program, but if there are n other things that are being executed inside the original program.
The user vj has no rights to execute them. So, do I explicitly have to allow the user to execute the n number of commands?
No, if that program starts other programs those other programs inherit the privilege of the program that started them. No further configuration is needed. For security, make sure that those other programs that are started are trusted and that the user can't use them to alter the configuration of the sudo program.
 
1 members found this post helpful.
Old 04-16-2015, 06:50 AM   #5
vjlxmi
Member
 
Registered: Aug 2014
Posts: 38

Original Poster
Rep: Reputation: Disabled
I have called "ifup eth0" in the program, and it gives me an error
Quote:
Users cannot control this device.
 
Old 04-16-2015, 07:08 AM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
you have to call the program using sudo:
Code:
sudo ifup eth0
 
Old 04-16-2015, 07:16 AM   #7
vjlxmi
Member
 
Registered: Aug 2014
Posts: 38

Original Poster
Rep: Reputation: Disabled
So, it means that if I add the user to visudo and then run it, it should not give me an error.
Adding it to visudo is as good as writing sudo before the command right?
 
Old 04-16-2015, 07:18 AM   #8
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 8,104

Rep: Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267Reputation: 2267
vi is an editor, visudo means edit the configuration file of sudo (see: man visudo).

"Adding to visudo" is exaclty the same as "writing sudo rights".
 
Old 04-16-2015, 07:22 AM   #9
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Quote:
Originally Posted by vjlxmi View Post
So, it means that if I add the user to visudo and then run it, it should not give me an error.
Adding it to visudo is as good as writing sudo before the command right?
No, visude and sudo have to be used in conjunction. You use visude to tell the sudo program which user can run specific programs as root. To actually do that you have to put sudo in front of those programs.
 
1 members found this post helpful.
Old 04-16-2015, 07:29 AM   #10
vjlxmi
Member
 
Registered: Aug 2014
Posts: 38

Original Poster
Rep: Reputation: Disabled
But when I add this command to the visudo it gives me an error
Quote:
command:
vj ALL = (ALL) NOPASSWD: /sbin/ifup eth0, /sbin/ifdown eth0
Quote:
error:
visudo: >>> /etc/sudoers: syntax error near line 122 <<<
 
Old 04-16-2015, 07:34 AM   #11
vjlxmi
Member
 
Registered: Aug 2014
Posts: 38

Original Poster
Rep: Reputation: Disabled
@TobiSGD I think I got it. U mean that I should add ifup and ifdown in viduso and should write sudo /sbin/ifup in the program where I am calling it right?
 
Old 04-16-2015, 08:29 AM   #12
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

Rep: Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825Reputation: 4825
Quote:
Originally Posted by vjlxmi View Post
@TobiSGD I think I got it. U mean that I should add ifup and ifdown in viduso and should write sudo /sbin/ifup in the program where I am calling it right?
Exactly.
 
Old 04-17-2015, 07:30 AM   #13
vjlxmi
Member
 
Registered: Aug 2014
Posts: 38

Original Poster
Rep: Reputation: Disabled
It's working.. thankyou
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
visudo: How to let a user run only a certain program as root? Ryan Hoots Linux - Newbie 6 09-09-2011 10:20 AM
Root execute command as a normal user carlosjf Linux - Newbie 5 04-01-2011 07:41 PM
why lftp command run failed when user isn't root, but ok when logining as root steven_yu Linux - Software 0 06-06-2007 09:36 PM
boot script execute command as non-root user wampfler Linux - Security 7 09-24-2004 05:56 AM
Run program from root login as non-priveledged user? pr0wl3r Linux - Security 3 08-17-2004 10:52 PM


All times are GMT -5. The time now is 06:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration