Hi All,
I want to run a script with sudo permission as a non-admin user. Can anyone assist with this?
Regards
Kanna
running script with sudo permission
Re: running script with sudo permission
Just to clarify.
You want a non-admin user to be able to run a script utilizing sudo permissions?
Re: running script with sudo permission
Yes, provided with that sudo permission, that non-admin should run only that script with elevated access.
Re: running script with sudo permission
A sudo rule says:
* who can
* as which user
* run what command
Members of group wheel can impersonate anyone and run all possible commands.
You have to add a rule, where the only valid command is your script.
Re: running script with sudo permission
Best to have a read of sudoers(5) §Security Notes. There are a lot of pitfalls in allowing a script to be run at elevated privilege, and if you get it wrong then a knowledgeable user can escalate privileges all the way to root.
Re: running script with sudo permission
Add a sudoers entry in /etc/sudoers.d/ and specify the script ONLY as the thing to allow (i.e. the command).
Re: running script with sudo permission
The biggest pitfall of all is leaving the script so that non-root users can change it.
Make sure it is executable only by root. Make sure it is writeable only by root. Preferably make it READABLE only by root. Specify absolute paths to every executable used within the script. If the script takes parameters, sanitise them thoroughly. Check the enclosing directory's permissions too, to make sure no-one can delete and replace the script. If the script calls other scripts, make sure they are protected at least as well as the main script.
Then when you've done all that - don't let non-root users run the script
Regards, K.
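The file checks from the post above (owned by root, writable only by root, no access for anyone else, enclosing directory protected), as an added example that is not part of the thread: a POSIX shell audit to run before the script is named in a sudoers rule. The function names, the sample user and path in the comments, and the optional second argument (expected owner uid, default 0) are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Audits a script before it is named in a sudoers rule such as
# (constructed user and path; the trailing "" forbids any arguments):
#   appuser ALL=(root) /usr/local/sbin/backup.sh ""

# check_one PATH UID: fail if PATH is not owned by UID or is group/world-writable.
check_one() {
    c_path=$1 c_uid=$2 c_bad=0
    c_owner=$(ls -ldn "$c_path" | awk '{ print $3 }')   # numeric owner
    c_mode=$(ls -ldn "$c_path" | awk '{ print $1 }')    # e.g. -rwx------
    if [ "$c_owner" != "$c_uid" ]; then
        echo "FAIL $c_path: owner uid $c_owner, expected $c_uid"; c_bad=1
    fi
    case $c_mode in
        ?????w*|????????w*)   # 6th char = group write, 9th = other write
            echo "FAIL $c_path: group- or world-writable ($c_mode)"; c_bad=1 ;;
    esac
    return "$c_bad"
}

# audit_sudo_script SCRIPT [UID]: returns 0 only if every check passes.
audit_sudo_script() {
    s_path=$1 s_uid=${2:-0} s_rc=0
    case $s_path in
        /*) ;;
        *) echo "FAIL $s_path: use an absolute path"; return 1 ;;
    esac
    if [ -L "$s_path" ] || [ ! -f "$s_path" ]; then
        echo "FAIL $s_path: not a regular file (symlink or missing)"; return 1
    fi
    check_one "$s_path" "$s_uid" || s_rc=1
    # Strictest reading of the post: no read/write/execute for group or other.
    case $(ls -ldn "$s_path" | awk '{ print $1 }') in
        ????------*) ;;
        *) echo "FAIL $s_path: group/other have access, want mode 0700"; s_rc=1 ;;
    esac
    # The enclosing directory decides who can delete and replace the script.
    check_one "$(dirname "$s_path")" "$s_uid" || s_rc=1
    [ "$s_rc" -eq 0 ] && echo "OK $s_path"
    return "$s_rc"
}
```

Call it as `audit_sudo_script /path/to/script`, and repeat it for every script the main script calls.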