[Fwd: [Fwd: [sudo-users] Config sudo for installation]]
edwardspl at ita.org.mo
edwardspl at ita.org.mo
Mon Feb 19 05:31:48 UTC 2007
Mikkel L. Ellertson wrote:
>edwardspl at ita.org.mo wrote:
>
>
>>Mikkel L. Ellertson wrote:
>>
>>
>>>edwardspl at ita.org.mo wrote:
>>>
>>>
>>>
>>>>Dear All,
>>>>
>>>>How can we config sudores, then assign a user ( without root ) to running the following :
>>>>Install source code package, include the command of tar, configure, make and make install.
>>>>
>>>>Edward.
>>>>
>>>>
>>>>
>>>>
>>>You would only need sudo for the make install command - you can do
>>>the rest as a normal user. (At least for almost all packages...) I
>>>have not tried it, but I suspect that if you created a group called
>>>install, and put a rule something like this in /etc/sudoers:
>>>
>>>%install localhost=make install
>>>
>>>You could also use something like thins if you do not want it to be
>>>limited to users at the console:
>>>
>>>%install ALL=make install
>>>
>>>If you do not want the user asked for his password when running the
>>>command, you can add "NOPASSWD: ALL" at the end.
>>>
>>>Mikkel
>>>
>>>
>>>
>>Hello Mikkel,
>>
>>Sorry, I don't quite understanding your means...
>>I just want a sample for installing source code packages ( how to use
>>the command of configure / make / make install ) ?
>>
>>For my config of sudores :
>>
>>User_Alias ADMIN = admin
>>
>>ADMIN HOST = NOPASSWD: /bin/tar
>>
>>Edward.
>>
>>
>>
>I am surprised that that works. Shouldn't the format be:
>
>ADMIN HOST = /bin/tar NOPASSWD: ALL
>
>But you do not need to be root to install the source code. If you
>are installing it in your home directory, you can run tar as a
>normal user. You should be able to do all the steps except
>installing the software as a normal user. I do it all time when
>building from source. I also build RPMs as a normal user, and then
>install them as root.
>
>If HOST is an alias for the hosts you want to be able to run the
>command as, try this:
>
>ADMIN HOST = /usr/bin/make install NOPASSWD: ALL
>
>If it isn't, then try:
>
>ADMIN localhost = /usr/bin/make install NOPASSWD: ALL
>
>or
>
>admin localhost = /usr/bin/make install NOPASSWD: ALL
>
>Just remember, if admin really tries, he/she can run any command
>they can put in the make file in the install section, or install any
>kind of suid program they want to. It would not be hard to use this
>to get full root access to the system. That is one reason to limit
>where it can be run from, and who can run it!
>
>Mikkel
>
>
Hello,
If so, do you means ( config of sudoers ) :
ADMIN HOST = /bin/tar, /usr/bin/make install NOPASSWD: ALL
or
ADMIN localhost = /bin/tar, /usr/bin/make install NOPASSWD: ALL
BYW, if the ADMIN is admin, then :
run command of "sudo /bin/tar file-name-packages" or "sudo tar file-name-packages" is okay ?
And
run command of "sudo /usr/bin/make install file-name-packages" or "sudo make install file-name-packages" is okay ?
Edward.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20070219/e7a29032/attachment-0002.html
More information about the users
mailing list