[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Installing Packages as Another User with Sudo

On Sat, Jul 14, 2018 at 1:17 AM Ricardo Grant <rgrant at> wrote:
> I have been trying and failing to set up the sudoers file so that I
> can run apt/dpkg/etc as another user without sudo (root) access. Here
> is a snippet:
> # Restrict the user "packager" to only installing packages on this
> # machine
> packager home = NOPASSWD: (root) /usr/bin/apt, (root)
> /usr/bin/aptitude, (root) /usr/bin/dpkg
> # Allow users to install packages via "packager"
> granttrec home = (packager) /usr/bin/apt, (packager) /usr/bin/aptitude
> The user packager was created as a system user and belongs to nogroup,
> I tried adding thi user to the sudo group but no effect, the command I
> am trying to run is:
> sudo -u packager sudo aptitude install ...
> Also If I enter aptitude, I can become root without a sudo promt.

1) What does "enter aptitude" mean?

2) I assume that "grantrec" is a group. If it is, you'll need "%grantrec".

3) Don't add "packager" to the "sudo" group or the "grantrec"
members'll be able to run any command as "root".

4) Are you sure that you can put "NOPASSWD:" before the systemname?
I'm not familiar with allowing multiple commands without an alias so
maybe. But, AFAIR, comes just before a command.

5) Why do you need "packager"? You can give the "grantrec" members
direct access:

Cmnd_Alias INST = /usr/bin/apt, /usr/bin/aptitude, /usr/bin/apt-get,

%grantrec home = (root) INST