Re: Configure sudo
On Fri, May 25, 2012 at 9:02 PM, Richard Hector <richard@walnut.gen.nz> wrote:
> On 26/05/12 01:43, Tom H wrote:
>>>>
>>>> >> * apt-get install but not remove
>>>
>>> >
>>> > IMO this is possible by setting whole command "apt-get options *" in
>>> > sudoers, but i never tried this. I have on one my server this:
>>> >
>>> > User_Alias EJABBER = snmp, www-data
>>> > ...
>>> > EJABBER ALL=(ejabberd) NOPASSWD: /usr/sbin/ejabberdctl stats *
>>> >
>>> > by this line (i hope) only snmp and www-data can run
>>> > "/usr/sbin/ejabberdctl stats *" command. The asterisk can be replaced
>>> > by
>>> > any other option (package name for you). But be careful with apt-get,
>>> > because there can be more than one (install, remove, ...) command can
>>> > be
>>> > used in one line... Perhaps some shell script for this, which will
>>> > accept
>>> > only package names?
>>
>> You can create a "/usr/local/bin/a-g-i.sh" wrapper script
>>
>> if [ x"$*" = x ]; then
>> echo "USAGE: ..."
>> else /usr/bin/apt-get install -- "$@"
>> fi
>>
>> and give your partner (if you're comfortable given that company
>> installation rights!) sudo access to it.
>
>
> Careful with that:
>
> zircon:/home/richard# a-g-i.sh nano-
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> The following packages will be REMOVED:
> nano
> 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
> After this operation, 1,810 kB disk space will be freed.
> Do you want to continue [Y/n]?
>
> :-)
:(
Thanks for pointing this out; I've never seen this before but have now
read the man page (I don't understand the rationale for it but it must
be useful to someone!).
So a check for a trailing "-" should be made...
Reply to: