sudo a user without password
in [Debian]
|
Prev: portmap error during upgrade from etch to lenny
Next: dpkg: error processing linux-image-2.6.26-2-686 (--configure)
From: Jozsi Avadkan on 27 Jun 2010 03:00 Hi On a Desktop machine, running Debian Lenny [GNOME], i just want to put a .desktop icon on the desktop, so that i can easy launch apps with other users [e.g. not so trusted programs..maybe this way i could get a little more secure.. :) ]. ######################################### $ cat Dude.desktop [Desktop Entry] Version=1.0 Encoding=UTF-8 Name=Dude Type=Application Terminal=false Icon=gnome-mines Exec=gksu -u dude-user wine "/home/dude-user/.wine/drive_c/Program Files/Dude/dude.exe" GenericName=Dude ######################################### But every time [in a new session] i want to launch "Dude" with wine, with another user...i have to type in his password. -The question- How can i set the sudoers file, so that it doesnt prompt for a password? E.g.: I have a user named "someone". On the "someone" users Desktop, I have the "Dude.desktop" file. The Dude user [who has this program installed] is "dude-user" I already tried [with visudo]: someone dude-user=(ALL) ALL but it don't seems to work [still need password when launching "Dude.desktop"]. Is there any way [I have to log out or something?]? Thank you! -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/1277621693.22275.44.camel(a)localhost
From: Karl E. Jorgensen on 27 Jun 2010 03:20 Hi! On Sun, Jun 27, 2010 at 08:54:53AM +0200, Jozsi Avadkan wrote: > Hi > > On a Desktop machine, running Debian Lenny [GNOME], i just want to put > a .desktop icon on the desktop, so that i can easy launch apps with > other users [e.g. not so trusted programs..maybe this way i could get a > little more secure.. :) ]. > > ######################################### > $ cat Dude.desktop > [Desktop Entry] > Version=1.0 > Encoding=UTF-8 > Name=Dude > Type=Application > Terminal=false > Icon=gnome-mines > Exec=gksu -u dude-user wine "/home/dude-user/.wine/drive_c/Program > Files/Dude/dude.exe" > GenericName=Dude > ######################################### > > But every time [in a new session] i want to launch "Dude" with wine, > with another user...i have to type in his password. > > -The question- > How can i set the sudoers file, so that it doesnt prompt for a password? > > E.g.: I have a user named "someone". > On the "someone" users Desktop, I have the "Dude.desktop" file. > The Dude user [who has this program installed] is "dude-user" > > I already tried [with visudo]: > > someone dude-user=(ALL) ALL > > but it don't seems to work [still need password when launching > "Dude.desktop"]. Is there any way [I have to log out or something?]? changes to /etc/sudoers take effect immediately, so logging off/on will have no effect. But your existing entry in /etc/sudoers is slightly off: It allows "someone" (who is a member of the dude-user group) to execute all commands as all users. I suspect that this is not exactly what you wanted. try: someone %=(dude-user) NOPASSWD: ALL which should allow "someone" (regardless of what group they are members of) to execute all commands (as dude-user) without having to enter a password. You should be able to tighten this to: someone %=(dude-user) NOPASSWD: /path/to/wine and possibly even further to restrict what parameters they can pass to wine. But I'm not sure how to represent this in sudo, as the wine command line has spaces in it... Hope this helps -- Karl E. Jorgensen IT Operations Manager -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/20100627071052.GC20113(a)hawking.jorgensen.org.uk
From: Tom H on 27 Jun 2010 03:30 On Sun, Jun 27, 2010 at 2:54 AM, Jozsi Avadkan <jozsi.avadkan(a)gmail.com> wrote: > > On a Desktop machine, running Debian Lenny [GNOME], i just want to put > a .desktop icon on the desktop. > > $ cat Dude.desktop > [Desktop Entry] > Version=1.0 > Encoding=UTF-8 > Name=Dude > Type=Application > Terminal=false > Icon=gnome-mines > Exec=gksu -u dude-user wine "/home/dude-user/.wine/drive_c/Program > Files/Dude/dude.exe" > GenericName=Dude > > But every time [in a new session] i want to launch "Dude" with wine, > with another user...i have to type in his password. > > How can i set the sudoers file, so that it doesnt prompt for a password? > > E.g.: I have a user named "someone". > On the "someone" users Desktop, I have the "Dude.desktop" file. > The Dude user [who has this program installed] is "dude-user" > > I already tried [with visudo]: > > someone dude-user=(ALL) ALL In sudoers: someone host=(dude-user) NOPASSWD: command You can set "host" and/or "command" to ALL. -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/AANLkTim-7Xh8hi-a4WWoKEX3OAbzlTTAk2M7WovMkWMp(a)mail.gmail.com
From: Jozsi Avadkan on 27 Jun 2010 04:50 wow, thanks for the quick answer! :) but it still doesn't work. i'm pretty sure, that i'm missing something: ############################## $ whoami someone $ sudo -u dude-user wine "/home/dude-user/.wine/drive_c/Program Files/Dude/dude.exe" We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for someone: someone is not allowed to run sudo on localhost. This incident will be reported. $ ############################## the next try [like in the "Dude.desktop" file]: it prompts [GUI], that it needs the password for the dude-user: ############################## $ whoami someone $ gksu -u dude-user wine "/home/dude-user/.wine/drive_c/Program Files/Dude/dude.exe" ############################## I tried these: http://pastebin.com/raw.php?i=fHbh4VpS > Hi! > > On Sun, Jun 27, 2010 at 08:54:53AM +0200, Jozsi Avadkan wrote: > > Hi > > > > On a Desktop machine, running Debian Lenny [GNOME], i just want to put > > a .desktop icon on the desktop, so that i can easy launch apps with > > other users [e.g. not so trusted programs..maybe this way i could get a > > little more secure.. :) ]. > > > > ######################################### > > $ cat Dude.desktop > > [Desktop Entry] > > Version=1.0 > > Encoding=UTF-8 > > Name=Dude > > Type=Application > > Terminal=false > > Icon=gnome-mines > > Exec=gksu -u dude-user wine "/home/dude-user/.wine/drive_c/Program > > Files/Dude/dude.exe" > > GenericName=Dude > > ######################################### > > > > But every time [in a new session] i want to launch "Dude" with wine, > > with another user...i have to type in his password. > > > > -The question- > > How can i set the sudoers file, so that it doesnt prompt for a password? > > > > E.g.: I have a user named "someone". > > On the "someone" users Desktop, I have the "Dude.desktop" file. > > The Dude user [who has this program installed] is "dude-user" > > > > I already tried [with visudo]: > > > > someone dude-user=(ALL) ALL > > > > but it don't seems to work [still need password when launching > > "Dude.desktop"]. Is there any way [I have to log out or something?]? > > changes to /etc/sudoers take effect immediately, so logging off/on > will have no effect. > > But your existing entry in /etc/sudoers is slightly off: It allows > "someone" (who is a member of the dude-user group) to execute all > commands as all users. I suspect that this is not exactly what you > wanted. > > try: > > someone %=(dude-user) NOPASSWD: ALL > > which should allow "someone" (regardless of what group they are > members of) to execute all commands (as dude-user) without having to > enter a password. > > You should be able to tighten this to: > someone %=(dude-user) NOPASSWD: /path/to/wine > > and possibly even further to restrict what parameters they can pass to > wine. But I'm not sure how to represent this in sudo, as the wine > command line has spaces in it... > > Hope this helps > -- > Karl E. Jorgensen > IT Operations Manager > > -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/1277628310.22275.48.camel(a)localhost
From: Rob Owens on 27 Jun 2010 10:50
On Sun, Jun 27, 2010 at 08:54:53AM +0200, Jozsi Avadkan wrote: > Hi > > On a Desktop machine, running Debian Lenny [GNOME], i just want to put > a .desktop icon on the desktop, so that i can easy launch apps with > other users [e.g. not so trusted programs..maybe this way i could get a > little more secure.. :) ]. > > ######################################### > $ cat Dude.desktop > [Desktop Entry] > Version=1.0 > Encoding=UTF-8 > Name=Dude > Type=Application > Terminal=false > Icon=gnome-mines > Exec=gksu -u dude-user wine "/home/dude-user/.wine/drive_c/Program > Files/Dude/dude.exe" > GenericName=Dude > ######################################### > > But every time [in a new session] i want to launch "Dude" with wine, > with another user...i have to type in his password. > > > > -The question- > How can i set the sudoers file, so that it doesnt prompt for a password? > > E.g.: I have a user named "someone". > On the "someone" users Desktop, I have the "Dude.desktop" file. > The Dude user [who has this program installed] is "dude-user" > > I already tried [with visudo]: > > someone dude-user=(ALL) ALL > > but it don't seems to work [still need password when launching > "Dude.desktop"]. Is there any way [I have to log out or something?]? > Is this just for wine apps? Why not just put the wine files in a publicly accessible place (/mnt/wine_apps, for instance), adjust the permissions so that the right people can read/write those files, and let all users run them from there? -Rob -- To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org Archive: http://lists.debian.org/20100627144159.GB30243(a)aurora.owens.net |