LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   allow normal user to exec some root commands w/o sudo (https://www.linuxquestions.org/questions/linux-newbie-8/allow-normal-user-to-exec-some-root-commands-w-o-sudo-912808/)

gujedan 11-10-2011 06:13 AM
allow normal user to exec some root commands w/o sudo
 
what do I add to visudo? the sudo manual is kind of cryptic..

unSpawn 11-10-2011 06:38 AM
Quote:
Originally Posted by gujedan (Post 4520543)
what do I add to visudo?
To "allow normal user to exec some root commands w/o sudo"? Nothing. What is it that you are trying to do? What exact command will be used?

gujedan 11-10-2011 06:41 AM
Quote:
Originally Posted by unSpawn (Post 4520565)
To "allow normal user to exec some root commands w/o sudo"? Nothing. What is it that you are trying to do? What exact command will be used?
example: I want to execute 'halt' as a normal user w/o sudo.

unSpawn 11-10-2011 07:17 AM
Quote:
Originally Posted by gujedan (Post 4520571)
I want to execute 'halt' as a normal user
Only root should do that. Why would you allow unprivileged users to shut down the machine?

gujedan 11-10-2011 07:23 AM
Quote:
Originally Posted by unSpawn (Post 4520601)
Only root should do that. Why would you allow unprivileged users to shut down the machine?
can we just skip the part where we spend an hour talking about my motives to do it and get to the part where you either answer, I give you some rep and mark the thread as solved or you move away of this thread if you don't know the answer.

jschiwal 11-10-2011 07:28 AM
On most systems, a quick press of the power switch will shut down the system. If the desktop is used, they can select shutdown from the menu.

If your system uses polkit, there are several shutdown policies:
org.freedesktop.hal.power-management.shutdown
org.freedesktop.hal.power-management.shutdown-multiple-sessions
org.freedesktop.hal.power-management.reboot
org.freedesktop.hal.power-management.reboot-multiple-sessions

Also try reading the sudoers man page instead of the sudo manpage. It has examples.

gujedan 11-10-2011 07:52 AM
Quote:
Originally Posted by jschiwal (Post 4520615)
On most systems, a quick press of the power switch will shut down the system. If the desktop is used, they can select shutdown from the menu.
I just brought the halt command as an example. This thread is about making a currently root-only command available to the standard user. I don't need advice on how to shut down my computer.

Quote:
Originally Posted by jschiwal (Post 4520615)
Also try reading the sudoers man page instead of the sudo manpage. It has examples.
Tried that and am still trying, but it is qualifies as the most cryptic, confusing and incoherent manual I've ever read, which is why this thread exists.

gujedan 11-10-2011 08:53 AM
Code:
Cmnd_Alias    HALT = /usr/sbin/halt
myusername ALL=NOPASSWD: HALT
halt w/o giving pass for sudo, sufficient enough for now.

colucix 11-10-2011 08:58 AM
Quote:
Originally Posted by unSpawn
Only root should do that. Why would you allow unprivileged users to shut down the machine?
Quote:
Originally Posted by gujedan (Post 4520608)
can we just skip the part where we spend an hour talking about my motives to do it and get to the part where you either answer, I give you some rep and mark the thread as solved or you move away of this thread if you don't know the answer.
unSpawn here is one of the members with an invaluable expertise about Linux security. His advice was concerned to the security of your system. I also manage a HPC network in my lab where no user is allowed to shutdown anything, since the CPUs work on a 24/7 basis. That's a good advice in my humble opinion and he didn't deserve such a rude reply. Nuff' said.

akuthia 11-10-2011 10:42 AM
"ignore my motives" is always a great cover up for "I'm trying to do something nefarious"

kbscores 11-10-2011 04:20 PM
I know this was solved but I figured I'd add an alternative. If you want a specific group of people to run something as root...
Code:
Cmnd_Alias MYCMDS = /usr/bin/halt, /path/cmd
Runas_Alias ADMIN_ALIAS = root
groupname      ALL=(ADMIN_ALIAS)    NOPASSWD:  MYCMDS

evo2 11-10-2011 10:42 PM
Hi,

Quote:
Originally Posted by unSpawn (Post 4520601)
Only root should do that. Why would you allow unprivileged users to shut down the machine?
I think there are valid reasons. Note that with this setup you can allow a somewhat trusted user to cleanly shutdown
the machine, without giving them full root permission.

For example, I usually setup my laptops like this. I don't use a gui that provides a way to
shutdown the machine, so allowing myself to simply run
Code:
sudo halt
when I want to shut it down is fairly convenient.

Cheers,

Evo2.

malekmustaq 11-10-2011 11:16 PM
Quote:
unSpawn here is one of the members with an invaluable expertise about Linux security. His advice was concerned to the security of your system..... That's a good advice in my humble opinion and he didn't deserve such a rude reply.

I second the motion.


All times are GMT -5. The time now is 10:34 AM.