[Fwd: Re: [Fwd: [Fwd: [sudo-users] Config sudo for installation]]]
edwardspl at ita.org.mo
edwardspl at ita.org.mo
Mon Feb 19 12:38:09 UTC 2007
Mikkel L. Ellertson wrote:
>edwardspl at ita.org.mo wrote:
>
>
>>Mikkel L. Ellertson wrote:
>>
>>
>>>edwardspl at ita.org.mo wrote:
>>>
>>>
>>>
>>>>Dear All,
>>>>
>>>>How can we config sudores, then assign a user ( without root ) to running the following :
>>>>Install source code package, include the command of tar, configure, make and make install.
>>>>
>>>>Edward.
>>>>
>>>>
>>>>
>>>>
>>>You would only need sudo for the make install command - you can do
>>>the rest as a normal user. (At least for almost all packages...) I
>>>have not tried it, but I suspect that if you created a group called
>>>install, and put a rule something like this in /etc/sudoers:
>>>
>>>%install localhost=make install
>>>
>>>You could also use something like thins if you do not want it to be
>>>limited to users at the console:
>>>
>>>%install ALL=make install
>>>
>>>If you do not want the user asked for his password when running the
>>>command, you can add "NOPASSWD: ALL" at the end.
>>>
>>>Mikkel
>>>
>>>
>>>
>>Hello Mikkel,
>>
>>Sorry, I don't quite understanding your means...
>>I just want a sample for installing source code packages ( how to use
>>the command of configure / make / make install ) ?
>>
>>For my config of sudores :
>>
>>User_Alias ADMIN = admin
>>
>>ADMIN HOST = NOPASSWD: /bin/tar
>>
>>Edward.
>>
>>
>>
>I am surprised that that works. Shouldn't the format be:
>
>ADMIN HOST = /bin/tar NOPASSWD: ALL
>
>But you do not need to be root to install the source code. If you
>are installing it in your home directory, you can run tar as a
>normal user. You should be able to do all the steps except
>installing the software as a normal user. I do it all time when
>building from source. I also build RPMs as a normal user, and then
>install them as root.
>
>If HOST is an alias for the hosts you want to be able to run the
>command as, try this:
>
>ADMIN HOST = /usr/bin/make install NOPASSWD: ALL
>
>If it isn't, then try:
>
>ADMIN localhost = /usr/bin/make install NOPASSWD: ALL
>
>or
>
>admin localhost = /usr/bin/make install NOPASSWD: ALL
>
>Just remember, if admin really tries, he/she can run any command
>they can put in the make file in the install section, or install any
>kind of suid program they want to. It would not be hard to use this
>to get full root access to the system. That is one reason to limit
>where it can be run from, and who can run it!
>
>Mikkel
>
>
Hello,
I just want to install a FTP Server ( package )...
BUT there is some error message :
[svradmin at svr1 proftpd-1.3.0a]$ ./configure --prefix=/usr/local/proftpd
./configure: line 88: conf4161.sh: Permission denied
./configure: line 89: conf4161.sh: Permission denied
chmod: cannot access `conf4161.sh': No such file or directory
./configure: line 201: conf4161.file: Permission denied
./configure: line 1266: config.log: Permission denied
[svradmin at svr1 proftpd-1.3.0a]$
BTW :
/etc/sudores :
Host_Alias M = svr1
User_Alias USER1 = svradmin
USER1 M = NOPASSWD: /bin/tar, /usr/bin/make install
So, what problem of sudores config ?
Edward.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20070219/e7b3456a/attachment-0002.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: file:///C|/DOCUME%7E1/EDWARD%7E1/LOCALS%7E1/TEMP/nsmail.txt
Url: http://lists.fedoraproject.org/pipermail/users/attachments/20070219/e7b3456a/attachment-0002.txt
More information about the users
mailing list