Hi.
I have two (2) users cat - dog
user cat has access to all files in /cat, and the ability to run the apps (*.php)
I want to allow user dog to be able to run as user cat, and therefore run the *.php in /cat
As far as I can tell, this is a sudo/sudoers issue, where I should be able to set up a user/group to run the apps with no passwd...
so... I jumped into visudo, made the change to the sudo/sudoer file (not sure what the file is actually called!).
the change I made cat ALL=(ALL) NOPASSWD: /cat/*.*
I then did a #su dog whoami -- dog
and as user dog... sudo -u cat /cat/aa.php
and got a passwd prompt for dog....
so what did I miss/screw up....
Thanks...
.. sounds like something to solve with Linux ownership of files, being part of groups, and permissions. Perhaps start here? - https://www.linux.com/learn/understanding-linux-file-permissions
On 07/11/2016 10:42 AM, Tod Merley wrote:
.. sounds like something to solve with Linux ownership of files, being part of groups, and permissions. Perhaps start here?
On Mon, Jul 11, 2016 at 10:13 AM, bruce <badouglas@gmail.com> wrote:
the change I made cat ALL=(ALL) NOPASSWD: /cat/*.*
Try
cat ALL = (ALL) NOPASSWD: /cat/
(whitespace and just a trailing "/" on the directory).
On 07/11/2016 12:13 PM, bruce wrote:
the change I made cat ALL=(ALL) NOPASSWD: /cat/*.*
That is granting cat the right to run commands as cat, i.e., it's pretty much a no-op. Try
dog ALL=(ALL) NOPASSWD: /cat/*.*
On 07/11/2016 02:15 PM, Robert Nichols wrote:
On 07/11/2016 12:13 PM, bruce wrote:
the change I made cat ALL=(ALL) NOPASSWD: /cat/*.*
That is granting cat the right to run commands as cat, i.e., it's pretty much a no-op. Try
dog ALL=(ALL) NOPASSWD: /cat/*.*
Wouldn't it be easier to create a group that both cat and dog belong to, have the files owned by cat (and that group) and give the files execute access by everybody in the group? That gives dog access to the specific commands it needs but nothing else in cat's home folder.
On Mon, Jul 11, 2016 at 5:27 PM, Joe Zeff joe@zeff.us wrote:
Wouldn't it be easier to create a group that both cat and dog belong to, have the files owned by cat (and that group) and give the files execute access by everybody in the group? That gives dog access to the specific commands it needs but nothing else in cat's home folder.
I concur. Creating a common group seems the least complicated. Then chmod the files in /cat/ to cat:commongroup and you are done. Expandable if Rat joined the system and you could just add Rat to the commongroup. Also I think Dog is invoking the sudo command, albeit as cat to run a file, so the system needs Dog's password to execute... I think.
On 07/11/2016 02:15 PM, Robert Nichols wrote:
On 07/11/2016 12:13 PM, bruce wrote:
the change I made cat ALL=(ALL) NOPASSWD: /cat/*.*
That is granting cat the right to run commands as cat, i.e., it's pretty much a no-op. Try
dog ALL=(ALL) NOPASSWD: /cat/*.*
That would allow dog to run the commands as any user including root.
dog ALL = (cat) NOPASSWD: /cat/
is all that is needed.
On Mon, Jul 11, 2016 at 1:13 PM, bruce badouglas@gmail.com wrote:
the change I made cat ALL=(ALL) NOPASSWD: /cat/*.*
I then did a #su dog whoami -- dog
and as user dog... sudo -u cat /cat/aa.php
and got a passwd prompt for dog....
# visudo -f /etc/sudoers.d/dog
dog ALL=(cat) NOPASSWD: /cat/*.*
[AFAIK, "/cat/*" should be enough]
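
The rules proposed in this thread can be compared mechanically. The script below is an added example, not code from any poster: it parses one sudoers line and reports whether it lets dog run commands as cat without a password prompt. It assumes single-line rules with plain user names; `audit_rule` and its verdict strings are hypothetical names made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify one sudoers user specification
#   user host = (runas) [NOPASSWD:] command
# against the goal "INVOKER runs a command as TARGET without a password prompt".
# Assumptions: one rule per line, plain user names (no aliases, %groups,
# runas groups or other tags). Verdict strings are invented for this example.

audit_rule() {
    invoker=$1 target=$2
    # Split the rule into user|runas|tag|command; spaces around '=' are optional.
    spec=$(printf '%s\n' "$3" | sed -E \
      's/^[[:space:]]*([^[:space:]=]+)[[:space:]]+[^[:space:]=]+[[:space:]]*=[[:space:]]*\(([^)]*)\)[[:space:]]*(NOPASSWD:)?[[:space:]]*(.*)$/\1|\2|\3|\4/')
    case $spec in
        *'|'*'|'*'|'*) ;;
        *) echo "unparsed"; return 0 ;;
    esac
    IFS='|' read -r user runas tag _cmd <<EOF
$spec
EOF
    runas=$(printf '%s' "$runas" | tr -d '[:space:]')

    # The first field is the user who invokes sudo. A rule written for
    # another user grants the invoker nothing.
    if [ "$user" != "$invoker" ]; then echo "wrong-user"; return 0; fi
    # (ALL) or root in the runas list lets the invoker run the command as root.
    case ",$runas," in
        *,ALL,*|*,root,*) echo "runas-too-broad"; return 0 ;;
    esac
    if [ "$runas" != "$target" ]; then echo "wrong-runas"; return 0; fi
    # Without NOPASSWD: sudo asks for the invoking user's own password.
    if [ -z "$tag" ]; then echo "password-required"; return 0; fi
    echo "ok"
}

# The rules suggested in the thread, checked for "dog runs as cat".
while IFS= read -r rule; do
    printf '%-18s %s\n' "$(audit_rule dog cat "$rule")" "$rule"
done <<'EOF'
cat ALL=(ALL) NOPASSWD: /cat/*.*
dog ALL=(ALL) NOPASSWD: /cat/*.*
dog ALL = (cat) NOPASSWD: /cat/
dog ALL=(cat) NOPASSWD: /cat/*.*
EOF
```

On a real system, `visudo -cf <file>` checks the syntax of a fragment before it is installed, and `sudo -l -U dog` (run as root) lists what dog is actually allowed to do.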