[Fwd: [Fwd: [sudo-users] Config sudo for installation]]
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Mon Feb 19 04:58:17 UTC 2007
edwardspl at ita.org.mo wrote:
> Mikkel L. Ellertson wrote:
>> edwardspl at ita.org.mo wrote:
>>
>>> Dear All,
>>>
>>> How can we configure sudoers, then assign a user ( without root ) to run the following :
>>> Install a source code package, including the commands tar, configure, make and make install.
>>>
>>> Edward.
>>>
>>>
>> You would only need sudo for the make install command - you can do
>> the rest as a normal user. (At least for almost all packages...) I
>> have not tried it, but I suspect that if you created a group called
>> install, and put a rule something like this in /etc/sudoers:
>>
>> %install localhost=make install
>>
>> You could also use something like this if you do not want it to be
>> limited to users at the console:
>>
>> %install ALL=make install
>>
>> If you do not want the user asked for his password when running the
>> command, you can add "NOPASSWD: ALL" at the end.
>>
>> Mikkel
>>
> Hello Mikkel,
>
> Sorry, I don't quite understand your meaning...
> I just want a sample for installing source code packages ( how to use
> the command of configure / make / make install ) ?
>
> For my config of sudoers :
>
> User_Alias ADMIN = admin
>
> ADMIN HOST = NOPASSWD: /bin/tar
>
> Edward.
>
I am surprised that that works. Shouldn't the format be:

ADMIN HOST = /bin/tar NOPASSWD: ALL

But you do not need to be root to install the source code. If you
are installing it in your home directory, you can run tar as a
normal user. You should be able to do all the steps except
installing the software as a normal user. I do it all the time when
building from source. I also build RPMs as a normal user, and then
install them as root.

If HOST is an alias for the hosts you want to be able to run the
command as, try this:

ADMIN HOST = /usr/bin/make install NOPASSWD: ALL

If it isn't, then try:

ADMIN localhost = /usr/bin/make install NOPASSWD: ALL

or

admin localhost = /usr/bin/make install NOPASSWD: ALL

Just remember, if admin really tries, he/she can run any command
they can put in the make file in the install section, or install any
kind of suid program they want to. It would not be hard to use this
to get full root access to the system. That is one reason to limit
where it can be run from, and who can run it!

Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
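
The message above advises doing every step except the install as a normal user and warns that a privileged `make install` can drop suid programs. The script below is an added example, not part of the original message: it checks a staged install tree before anything is copied as root. It assumes the package's Makefile honours the `DESTDIR` convention and that `/usr/local` is the intended prefix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a DESTDIR-staged tree before anything is copied as root.
# Assumption: "make install DESTDIR=$stage" was run as a normal user and the
# package's Makefile honours DESTDIR. Function names here are hypothetical.

# Print staged regular files that carry the setuid or setgid bit.
staged_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Print staged files and symlinks that would land outside the expected prefix.
staged_outside_prefix() {
    ( cd "$1" && find . \( -type f -o -type l \) -print ) | sort |
    while IFS= read -r p; do
        case "/${p#./}" in
            "$2"/*) ;;                          # inside the prefix: fine
            *) printf '%s\n' "/${p#./}" ;;      # anything else is reported
        esac
    done
}

# Succeed only if nothing is set-id and nothing falls outside the prefix.
audit_stage() {
    stage=$1 prefix=$2 rc=0
    setid=$(staged_setid_files "$stage")
    stray=$(staged_outside_prefix "$stage" "$prefix")
    if [ -n "$setid" ]; then
        printf 'setuid/setgid files staged:\n%s\n' "$setid" >&2
        rc=1
    fi
    if [ -n "$stray" ]; then
        printf 'files outside %s:\n%s\n' "$prefix" "$stray" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit_stage.sh "$HOME/stage" /usr/local
if [ "$#" -eq 2 ]; then
    audit_stage "$1" "$2"
fi
```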