LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Thread Tools
Old 11-07-2009, 03:30 PM   #1
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2
Running root commands as user


[Log in to get rid of this advertisement]
After a few hours work I have managed to set up pptd so that my daughter can log into her account at Imperial College.

My problem now is that I need to have a script that she can run if she wants to log in. She will have to invoke a couple of root commands and I do not want to give her the root password

What she needs to do to set up networking is:

Quote:
pppd call imperial dump debug logfd 2 nodetach require-mppe
/sbin/ip route add default dev ppp0
How can I enable things so that she can run this script as user?
linux arubin is offline     Reply With Quote
Old 11-07-2009, 03:44 PM   #2
saulgoode
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 86
Thanked: 9
If you add the following line to /etc/sudoers,
Code:
daughter ALL=NOPASSWD:/usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe,/sbin/ip route add default dev ppp0
then user 'daughter' will be permitted to execute "sudo /usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe" and "sudo /sbin/ip route add default dev ppp0" without supplying a password (if the parameters are changed at all, then the command won't run).

You will probably wish to incorporate those commands in a script, but that script can be run by your daughter and the calls to those two commands will get executed without password prompting.

Use 'man sudoers' for information on additional options.

Last edited by saulgoode; 11-07-2009 at 03:46 PM..
linux saulgoode is offline     Reply With Quote
Thanked by:
Old 11-07-2009, 03:49 PM   #3
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
Do I really have to use visudo to edit this rather than kdesu kate?
linux arubin is offline     Reply With Quote
Old 11-07-2009, 03:55 PM   #4
saulgoode
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 86
Thanked: 9
Quote:
Originally Posted by arubin View Post
Do I really have to use visudo to edit this rather than kdesu kate?
No, you do not have to use 'visudo'; however, there are a couple of advantages.

As explained in "man 8 visudo":

Quote:
visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
linux saulgoode is offline     Reply With Quote
Old 11-07-2009, 04:22 PM   #5
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
So I have this in sudoers

Quote:
katy ALL=NOPASSWD:/usr/sbin/pppd call imperial dump debug logfd 2 nodetach requi
re-mppe,/sbin/ip route add default dev ppp0
but when I run the script I get

Quote:
/usr/sbin/pppd: must be root to run /usr/sbin/pppd, since it is not setuid-root
linux arubin is offline     Reply With Quote
Old 11-07-2009, 04:30 PM   #6
saulgoode
Member
 
Registered: May 2007
Distribution: Slackware
Posts: 86
Thanked: 9
Does your script have a 'sudo' in front of the command?
sudo /usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe
linux saulgoode is offline     Reply With Quote
Old 11-07-2009, 04:31 PM   #7
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
I think I have solved that with chmod +s /usr/sbin/pppd
linux arubin is offline     Reply With Quote
Old 11-07-2009, 04:39 PM   #8
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
Oops! Ok added sudo

but now I have this -

Quote:
sh: pptp: command not found
Modem hangup
Connection terminated.
Script pptp vpn.ic.ac.uk --nolaunchpppd finished (pid 4226), status = 0x7f
Cannot find device "ppp0"
Do I need to add pptp to sudoers?

Last edited by arubin; 11-07-2009 at 04:42 PM..
linux arubin is offline     Reply With Quote
Old 11-07-2009, 04:57 PM   #9
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
ln -s /usr/sbin/pptp /usr/bin/pptp

seems to solve that. Nearly there
linux arubin is offline     Reply With Quote
Old 11-07-2009, 05:16 PM   #10
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
One more problem;

Quote:
sudo /usr/sbin/pppd call imperial dump debug logfd 2 nodetach require-mppe &
sudo /sbin/ip route add default dev ppp0
in one script doesn't seem to work

If I separate them into one command in each of two scripts it is OK.

How do I get them to work togrther in one script?
linux arubin is offline     Reply With Quote
Old 11-07-2009, 05:28 PM   #11
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
Quote:
sleep 5
solved that
linux arubin is offline     Reply With Quote
Old 11-07-2009, 06:05 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 16,716
Blog Entries: 30
Thanked: 283
Quote:
Originally Posted by arubin View Post
I think I have solved that with chmod +s /usr/sbin/pppd
No you didn't and you shouldn't. If the application isn't meant to be run setuid root then basically you've created a weakness. Sudo is there to avoid making mistakes like that. But what's more worrying is the idea that making anything setuid root "solves" things: I suggest you reread the most basic GNU/Linux docs again.
linux unSpawn is offline     Reply With Quote
Old 11-07-2009, 07:26 PM   #13
arubin
Member
 
Registered: Mar 2004
Location: Middx UK
Distribution: Slackware64 13 (multilib)
Posts: 918
Thanked: 2

Original Poster
Yes I had realised that. The problem was that I had left sudo out of the script and I had reset it to -s when the penny dropped.
linux arubin is offline     Reply With Quote

Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How to allow access to some commands having root privleges to be run bu non root user suryashikha Linux - Newbie 8 10-31-2009 02:05 PM
How to change a process running in root-user to non-root user ???????????????????? narendra1310 Linux - Software 4 10-29-2009 03:11 AM
Non-root user can't see all commands (Zenwalk) POW R TOC H Linux - Newbie 6 09-05-2009 01:57 AM
Root/User rights to Root commands? mrde50garfield Linux - Software 2 10-24-2006 06:42 AM
Running super user commands as normal user mickyg Linux - Security 5 10-14-2005 08:25 PM


All times are GMT -5. The time now is 09:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration