Re: Don't try this at home kids

To: debian-user@lists.debian.org
Subject: Re: Don't try this at home kids
From: Andrei POPESCU <andreimpopescu@gmail.com>
Date: Sun, 5 Dec 2021 16:46:06 +0100
Message-id: <[🔎] 20211205154606.rtna23eeuxdtow5r@acr13.nuvreauspam>
In-reply-to: <20211130044201.GD32633@axis.corp>
References: <4oo985q9-pp1o-p837-r65q-o89q2qoo187@ehcgherq-qhpx.pbz> <5ee7ca26-da2e-a872-875e-28e8a3707473@ardley.org> <alpine.NEB.2.23.451.2111291744530.20205@panix1.panix.com> <20211130044201.GD32633@axis.corp>

On Lu, 29 nov 21, 22:42:01, David Wright wrote:
> 
> You don't have to use sudo in the manner shown above. You can use
> it to allow certain users to run certain commands. I use it to run
> a defined set of routine commands without having to bother to switch
> to root, or to authenticate, or be careful, or be sober.

Considering sudoers syntax is less than intuitive an example might be in 
order:

    
    # members of adm can run certain commands as root without supplying 
    # a password
    Cmnd_Alias    ADM_COMMANDS = /usr/bin/dmesg, \
                                 /usr/bin/apt update, \
                                 /usr/bin/apt upgrade, \
                                 /usr/bin/apt autoremove --purge, \
                                 /usr/sbin/reboot, \
                                 /usr/sbin/poweroff

    %adm          ALL = (root) NOPASSWD: ADM_COMMANDS 


(since /etc/sudoers is a conffile I prefer to have the above in a file 
under /etc/sudoers.d/)


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Re: Don't try this at home kids
Next by Date: Re: Telegraph book?
Previous by thread: Re: Don't try this at home kids
Next by thread: How to force compilerversion
Index(es):
- Date
- Thread