12:13 p.m.
Hi.
I have two (2) users cat - dog
user cat has access to all files in /cat, and the ability to run the apps
(*.php)
i want to allow user dog to be able to run as user cat, and therefore run
the *.php in /cat
As far as I can tell, this is a sudo/sudoers issue, where I should be able
to set up a user/group to run the apps with no passwd...
so... I jumped into visudo, made the change to the sudo/sudoer file (not
sure what the file is actually called!).
the change I made
cat ALL=(ALL) NOPASSWD: /cat/*.*
I then did a #su dog
whoami -- dog
and as user dog...
sudo -u cat /cat/aa.php
and got a passwd prompt for dog....
so what did I miss/screw up....
Thanks...
12:42 p.m.
.. sounds like something to solve with Linux ownership of files, being part
of groups, and permissions. Perhaps start here? -
https://www.linux.com/learn/understanding-linux-file-permissions
On Mon, Jul 11, 2016 at 10:13 AM, bruce <badouglas(a)gmail.com> wrote:
Hi.
I have two (2) users cat - dog
user cat has access to all files in /cat, and the ability to run the apps
(*.php)
i want to allow user dog to be able to run as user cat, and therefore run
the *.php in /cat
As far as I can tell, this is a sudo/sudoers issue, where I should be able
to set up a user/group to run the apps with no passwd...
so... I jumped into visudo, made the change to the sudo/sudoer file (not
sure what the file is actually called!).
the change I made
cat ALL=(ALL) NOPASSWD: /cat/*.*
I then did a #su dog
whoami -- dog
and as user dog...
sudo -u cat /cat/aa.php
and got a passwd prompt for dog....
so what did I miss/screw up....
Thanks...
--
users mailing list
users(a)lists.fedoraproject.org
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
12:46 p.m.
On 07/11/2016 10:42 AM, Tod Merley wrote:
.. sounds like something to solve with Linux ownership of files,
being
part of groups, and permissions. Perhaps start here?
- https://www.linux.com/learn/understanding-linux-file-permissions
On Mon, Jul 11, 2016 at 10:13 AM, bruce <badouglas(a)gmail.com
<mailto:badouglas@gmail.com>> wrote:
Hi.
I have two (2) users cat - dog
user cat has access to all files in /cat, and the ability to run the
apps (*.php)
i want to allow user dog to be able to run as user cat, and
therefore run the *.php in /cat
As far as I can tell, this is a sudo/sudoers issue, where I should
be able to set up a user/group to run the apps with no passwd...
so... I jumped into visudo, made the change to the sudo/sudoer file
(not sure what the file is actually called!).
the change I made
cat ALL=(ALL) NOPASSWD: /cat/*.*
Try
cat ALL = (ALL) NOPASSWD: /cat/
(whitespace and just a trailing "/" on the directory).
I then did a #su dog
whoami -- dog
and as user dog...
sudo -u cat /cat/aa.php
and got a passwd prompt for dog....
so what did I miss/screw up....
Thanks...
--
users mailing list
users(a)lists.fedoraproject.org <mailto:users@lists.fedoraproject.org>
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
users mailing list
users(a)lists.fedoraproject.org
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks(a)alldigital.com -
- AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 -
- -
- I was married by a judge. I should have asked for a jury. -
- -- Groucho Marx -
----------------------------------------------------------------------
4:15 p.m.
On 07/11/2016 12:13 PM, bruce wrote:
the change I made
cat ALL=(ALL) NOPASSWD: /cat/*.*
That is granting cat the right to run commands as cat, i.e., it's pretty
much a no-op. Try
dog ALL=(ALL) NOPASSWD: /cat/*.*
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
4:27 p.m.
On 07/11/2016 02:15 PM, Robert Nichols wrote:
On 07/11/2016 12:13 PM, bruce wrote:
> the change I made
> cat ALL=(ALL) NOPASSWD: /cat/*.*
That is granting cat the right to run commands as cat, i.e., it's pretty
much a no-op. Try
dog ALL=(ALL) NOPASSWD: /cat/*.*
Wouldn't it be easier to create a group that both cat and dog belong to,
have the files owned by cat (and that group) and give the files execute
access by everybody in the group? That gives dog access to the specific
commands it needs but nothing else in cat's home folder.
5:07 p.m.
On Mon, Jul 11, 2016 at 5:27 PM, Joe Zeff <joe(a)zeff.us> wrote:
On 07/11/2016 02:15 PM, Robert Nichols wrote:
> On 07/11/2016 12:13 PM, bruce wrote:
>
>> the change I made
>> cat ALL=(ALL) NOPASSWD: /cat/*.*
>>
>
> That is granting cat the right to run commands as cat, i.e., it's pretty
> much a no-op. Try
>
> dog ALL=(ALL) NOPASSWD: /cat/*.*
>
Wouldn't it be easier to create a group that both cat and dog belong to,
have the files owned by cat (and that group) and give the files execute
access by everybody in the group? That gives dog access to the specific
commands it needs but nothing else in cat's home folder.
--
users mailing list
users(a)lists.fedoraproject.org
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
I concur. Creating a common group seems the least complicated. Then chmod
the files in /cat/ to cat:commongroup and you are done. Expandable if Rat
joined the system and you could just add Rat to the commongroup. Also I
think Dog is invoking the sudo command, albeit as cat to run a file, so the
system needs Dogs password to execute... I think.
2:55 a.m.
On 07/11/2016 02:15 PM, Robert Nichols wrote:
On 07/11/2016 12:13 PM, bruce wrote:
> the change I made
> cat ALL=(ALL) NOPASSWD: /cat/*.*
That is granting cat the right to run commands as cat, i.e., it's pretty
much a no-op. Try
dog ALL=(ALL) NOPASSWD: /cat/*.*
That would allow dog to run the commands as any user including root.
dog ALL = (cat) NOPASSWD: /cat/
is all that is needed.
12:59 p.m.
On Mon, Jul 11, 2016 at 1:13 PM, bruce <badouglas(a)gmail.com> wrote:
I have two (2) users cat - dog
user cat has access to all files in /cat, and the ability to run the apps
(*.php)
i want to allow user dog to be able to run as user cat, and therefore run
the *.php in /cat
As far as I can tell, this is a sudo/sudoers issue, where I should be able
to set up a user/group to run the apps with no passwd...
so... I jumped into visudo, made the change to the sudo/sudoer file (not
sure what the file is actually called!).
the change I made
cat ALL=(ALL) NOPASSWD: /cat/*.*
I then did a #su dog
whoami -- dog
and as user dog...
sudo -u cat /cat/aa.php
and got a passwd prompt for dog....
# visudo -f /etc/sudoers.d/dog
dog ALL=(cat) NOPASSWD: /cat/*.*
[AFAIK, "/cat/*" should be enough]
2843
days inactive
2844
days old
8 comments
8 participants
participants (8)
-
bruce -
fred roller -
Joe Zeff -
Rick Stevens -
Robert Nichols -
Samuel Sieb -
Tod Merley -
Tom H