Installing Packages as Another User with Sudo
On Sat, Jul 14, 2018 at 1:17 AM Ricardo Grant <rgrant at laurentian.ca> wrote:
> I have been trying and failing to set up the sudoers file so that I
> can run apt/dpkg/etc as another user without sudo (root) access. Here
> is a snippet:
> # Restrict the user "packager" to only installing packages on this
> # machine
> packager home = NOPASSWD: (root) /usr/bin/apt, (root)
> /usr/bin/aptitude, (root) /usr/bin/dpkg
> # Allow users to install packages via "packager"
> granttrec home = (packager) /usr/bin/apt, (packager) /usr/bin/aptitude
> The user packager was created as a system user and belongs to nogroup,
> I tried adding thi user to the sudo group but no effect, the command I
> am trying to run is:
> sudo -u packager sudo aptitude install ...
> Also If I enter aptitude, I can become root without a sudo promt.
1) What does "enter aptitude" mean?
2) I assume that "grantrec" is a group. If it is, you'll need "%grantrec".
3) Don't add "packager" to the "sudo" group or the "grantrec"
members'll be able to run any command as "root".
4) Are you sure that you can put "NOPASSWD:" before the systemname?
I'm not familiar with allowing multiple commands without an alias so
maybe. But, AFAIR, comes just before a command.
5) Why do you need "packager"? You can give the "grantrec" members
Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get,
%grantrec home = (root) INST