LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Running root commands as user (https://www.linuxquestions.org/questions/slackware-14/running-root-commands-as-user-767564/)

arubin 11-07-2009 02:30 PM
Running root commands as user
 
After a few hours work I have managed to set up pptd so that my daughter can log into her account at Imperial College.

My problem now is that I need to have a script that she can run if she wants to log in. She will have to invoke a couple of root commands and I do not want to give her the root password

What she needs to do to set up networking is:

Quote:
pppd call imperial dump debug logfd 2 nodetach require-mppe
/sbin/ip route add default dev ppp0
How can I enable things so that she can run this script as user?

saulgoode 11-07-2009 02:44 PM
If you add the following line to /etc/sudoers,
Code:
daughter ALL=NOPASSWD:/usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe,/sbin/ip route add default dev ppp0
then user 'daughter' will be permitted to execute "sudo /usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe" and "sudo /sbin/ip route add default dev ppp0" without supplying a password (if the parameters are changed at all, then the command won't run).

You will probably wish to incorporate those commands in a script, but that script can be run by your daughter and the calls to those two commands will get executed without password prompting.

Use 'man sudoers' for information on additional options.

arubin 11-07-2009 02:49 PM
Do I really have to use visudo to edit this rather than kdesu kate?

saulgoode 11-07-2009 02:55 PM
Quote:
Originally Posted by arubin (Post 3748494)
Do I really have to use visudo to edit this rather than kdesu kate?
No, you do not have to use 'visudo'; however, there are a couple of advantages.

As explained in "man 8 visudo":

Quote:
visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

arubin 11-07-2009 03:22 PM
So I have this in sudoers

Quote:
katy ALL=NOPASSWD:/usr/sbin/pppd call imperial dump debug logfd 2 nodetach requi
re-mppe,/sbin/ip route add default dev ppp0
but when I run the script I get

Quote:
/usr/sbin/pppd: must be root to run /usr/sbin/pppd, since it is not setuid-root

saulgoode 11-07-2009 03:30 PM
Does your script have a 'sudo' in front of the command?
sudo /usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe

arubin 11-07-2009 03:31 PM
I think I have solved that with chmod +s /usr/sbin/pppd

arubin 11-07-2009 03:39 PM
Oops! Ok added sudo

but now I have this -

Quote:
sh: pptp: command not found
Modem hangup
Connection terminated.
Script pptp vpn.ic.ac.uk --nolaunchpppd finished (pid 4226), status = 0x7f
Cannot find device "ppp0"
Do I need to add pptp to sudoers?

arubin 11-07-2009 03:57 PM
ln -s /usr/sbin/pptp /usr/bin/pptp

seems to solve that. Nearly there

arubin 11-07-2009 04:16 PM
One more problem;

Quote:
sudo /usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe &
sudo /sbin/ip route add default dev ppp0
in one script doesn't seem to work

If I separate them into one command in each of two scripts it is OK.

How do I get them to work togrther in one script?

arubin 11-07-2009 04:28 PM
Quote:
sleep 5
solved that

unSpawn 11-07-2009 05:05 PM
Quote:
Originally Posted by arubin (Post 3748521)
I think I have solved that with chmod +s /usr/sbin/pppd
No you didn't and you shouldn't. If the application isn't meant to be run setuid root then basically you've created a weakness. Sudo is there to avoid making mistakes like that. But what's more worrying is the idea that making anything setuid root "solves" things: I suggest you reread the most basic GNU/Linux docs again.

arubin 11-07-2009 06:26 PM
Yes I had realised that. The problem was that I had left sudo out of the script and I had reset it to -s when the penny dropped.


All times are GMT -5. The time now is 12:26 PM.