Re: sudo a user without password

To: debian-user@lists.debian.org
Subject: Re: sudo a user without password
From: "Karl E. Jorgensen" <karl@fizzback.net>
Date: Sun, 27 Jun 2010 08:10:53 +0100
Message-id: <[🔎] 20100627071052.GC20113@hawking.jorgensen.org.uk>
Mail-followup-to: "Karl E. Jorgensen" <karl@fizzback.net>, debian-user@lists.debian.org
In-reply-to: <[🔎] 1277621693.22275.44.camel@localhost>
References: <[🔎] 1277621693.22275.44.camel@localhost>

Hi!

On Sun, Jun 27, 2010 at 08:54:53AM +0200, Jozsi Avadkan wrote:
> Hi
> 
> On a Desktop machine, running Debian Lenny [GNOME], i just want to put
> a .desktop icon on the desktop, so that i can easy launch apps with
> other users [e.g. not so trusted programs..maybe this way i could get a
> little more secure.. :) ].
> 
> #########################################
> $ cat Dude.desktop
> [Desktop Entry]
> Version=1.0
> Encoding=UTF-8
> Name=Dude
> Type=Application
> Terminal=false
> Icon=gnome-mines
> Exec=gksu -u dude-user wine "/home/dude-user/.wine/drive_c/Program
> Files/Dude/dude.exe"
> GenericName=Dude
> #########################################
> 
> But every time [in a new session] i want to launch "Dude" with wine,
> with another user...i have to type in his password.
> 
> -The question-
> How can i set the sudoers file, so that it doesnt prompt for a password?
> 
> E.g.: I have a user named "someone".
> On the "someone" users Desktop, I have the "Dude.desktop" file.
> The Dude user [who has this program installed] is "dude-user"
> 
> I already tried [with visudo]:
> 
> someone    dude-user=(ALL) ALL
> 
> but it don't seems to work [still need password when launching
> "Dude.desktop"]. Is there any way [I have to log out or something?]?

changes to /etc/sudoers take effect immediately, so logging off/on
will have no effect.

But your existing entry in /etc/sudoers is slightly off: It allows
"someone" (who is a member of the dude-user group) to execute all
commands as all users.  I suspect that this is not exactly what you
wanted.

try:

someone	   %=(dude-user) NOPASSWD: ALL

which should allow "someone" (regardless of what group they are
members of) to execute all commands (as dude-user) without having to
enter a password.

You should be able to tighten this to:
someone	   %=(dude-user) NOPASSWD: /path/to/wine

and possibly even further to restrict what parameters they can pass to
wine. But I'm not sure how to represent this in sudo, as the wine
command line has spaces in it...

Hope this helps
-- 
Karl E. Jorgensen
IT Operations Manager

Reply to:

Follow-Ups:
- Re: sudo a user without password
  - From: Jozsi Avadkan <jozsi.avadkan@gmail.com>

References:
- sudo a user without password
  - From: Jozsi Avadkan <jozsi.avadkan@gmail.com>

Prev by Date: sudo a user without password
Next by Date: Re: sudo a user without password
Previous by thread: sudo a user without password
Next by thread: Re: sudo a user without password
Index(es):
- Date
- Thread