[Fwd: [Fwd: [sudo-users] Config sudo for installation]]

edwardspl at ita.org.mo edwardspl at ita.org.mo
Mon Feb 19 05:31:48 UTC 2007 

Mikkel L. Ellertson wrote:

>edwardspl at ita.org.mo wrote:
>  
>
>>Mikkel L. Ellertson wrote:
>>    
>>
>>>edwardspl at ita.org.mo wrote:
>>>  
>>>      
>>>
>>>>Dear All,
>>>>
>>>>How can we config sudores, then assign a user ( without root ) to running the following :
>>>>Install source code package, include the command of tar, configure, make and make install.
>>>>
>>>>Edward.
>>>>
>>>>    
>>>>        
>>>>
>>>You would only need sudo for the make install command - you can do
>>>the rest as a normal user. (At least for almost all packages...) I
>>>have not tried it, but I suspect that if you created a group called
>>>install, and put a rule something like this in /etc/sudoers:
>>>
>>>%install	localhost=make install
>>>
>>>You could also use something like thins if you do not want it to be
>>>limited to users at the console:
>>>
>>>%install	ALL=make install
>>>
>>>If you do not want the user asked for his password when running the
>>>command, you can add "NOPASSWD: ALL" at the end.
>>>
>>>Mikkel
>>>  
>>>      
>>>
>>Hello Mikkel,
>>
>>Sorry, I don't quite understanding your means...
>>I just want a sample for installing source code packages ( how to use
>>the command of configure / make / make install ) ?
>>
>>For my config of sudores :
>>
>>User_Alias    ADMIN = admin
>>
>>ADMIN    HOST = NOPASSWD: /bin/tar
>>
>>Edward.
>>
>>    
>>
>I am surprised that that works. Shouldn't the format be:
>
>ADMIN	HOST = /bin/tar		NOPASSWD: ALL
>
>But you do not need to be root to install the source code. If you
>are installing it in your home directory, you can run tar as a
>normal user. You should be able to do all the steps except
>installing the software as a normal user. I do it all time when
>building from source. I also build RPMs as a normal user, and then
>install them as root.
>
>If HOST is an alias for the hosts you want to be able to run the
>command as, try this:
>
>ADMIN	HOST = /usr/bin/make install	NOPASSWD: ALL
>
>If it isn't, then try:
>
>ADMIN	localhost = /usr/bin/make install	NOPASSWD: ALL
>
>or
>
>admin	localhost = /usr/bin/make install	NOPASSWD: ALL
>
>Just remember, if admin really tries, he/she can run any command
>they can put in the make file in the install section, or install any
>kind of suid program they want to. It would not be hard to use this
>to get full root access to the system. That is one reason to limit
>where it can be run from, and who can run it!
>
>Mikkel
>  
>
Hello,

If so, do you means ( config of sudoers ) :

ADMIN	HOST = /bin/tar, /usr/bin/make install	NOPASSWD: ALL

or

ADMIN	localhost = /bin/tar, /usr/bin/make install	NOPASSWD: ALL

BYW, if the ADMIN is admin, then :

run command of "sudo /bin/tar file-name-packages" or "sudo tar file-name-packages" is okay ?

And

run command of "sudo /usr/bin/make install file-name-packages" or "sudo make install file-name-packages" is okay ?

Edward.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20070219/e7a29032/attachment-0002.html

More information about the users mailing list