Announcement

Collapse
No announcement yet.

Sudoers question - SOLVED

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Sudoers question - SOLVED

    Hi all,

    My wife and I share the same computer. We each have our own login IDs. Her acct is setup as a normal user. Is there a way, maybe a Sudoers entry, to only allow her to download & install software using Adept & Synaptic? She is a game addict, but I do not want to give her admin rights to the entire OS.

    Thank you

    Mike
    txWingMan

    #2
    Re: Sudoers question

    AFAIK, members of the "admin" group have sudo, aka "root" privileges, and everyone else does not. So you're either in the group, or not. I have not heard of "semi-admin" privileges.

    But, if you put her in the admin group and show her how to use Adept Manager, that seems fairly harmless. If she doesn't know the CLI commands that would cause harm, and you don't teach them to her, and she only uses her privileges to run Adept Manager, I don't see how she'll destroy the system (but, I admit I don't know her!).

    Comment


      #3
      Re: Sudoers question

      You can put something like
      wife's_username ALL = /usr/sbin/synaptic, /usr/bin/adept_manager
      in /etc/sudoers to allow your wife to run synaptic and adept with sudo (replace 'wife's_username' with her actual username)

      Comment


        #4
        Re: Sudoers question

        Thanks, guys. I try to add a line using visudo and the editor is not behaving. I'll search around for this issue.
        txWingMan

        Comment


          #5
          Re: Sudoers question

          Originally posted by txWingMan
          I try to add a line using visudo and the editor is not behaving.
          Do you have a problem with the editor or with sudoers syntax?

          Comment


            #6
            Re: Sudoers question

            When I go to the end of a line to press Enter for a Newline, the cursor positions itself over the last charachter of the line. If I go to a blank line and paste in the line above, it pastes it at the start of the prev line.....

            Maybe it is a case of not knowing how to use this editor?
            txWingMan

            Comment


              #7
              Re: Sudoers question

              Originally posted by txWingMan
              Maybe it is a case of not knowing how to use this editor?
              Is vi/vim editor a new thing for you?

              Here's a small crash course:
              vi/vim is a 'modal' editor, so make sure you are insert mode to add text (press 'i' to get to insert mode... 'Esc' will get you back in command mode afterwards).

              Other commands you may need (in command mode):
              :w (save file)
              :q (quit)

              Comment


                #8
                Re: Sudoers question

                AH! That explains it. It uses vi. Thank you!

                Edit: That did it. Adding the line to sudoers and I don't see any possibilities for shell escapes either.

                txWingMan

                Comment


                  #9
                  Re: Sudoers question

                  Originally posted by txWingMan
                  Adding the line to sudoers and I don't see any possibilities for shell escapes either.
                  Theoretically, if you allow (only) password protected remote access for that user and the password is cracked...the cracker can set his/her own repositories with synaptic or adept and install pretty much anything on your machine (including modifed versions of software to get full root access).

                  The chances of this happening are rather small, and there are several rather easy ways to make it 'impossible', like (in no particular order):
                  1. strong password
                  2. host key remote authentication instead of password authentication.
                  3. no remote login allowed for that user
                  4. separate root password and user password, with sudo set to ask for the root password

                  No need to worry about local vulnerabilities, since anyone with physical access to the machine can get root access with a bit of knowledge.

                  If you're only worried about your wife messing up the system (no remote logins), you're rather safe (if she knows enough to exploit any loopholes...she's not very likely to mess anything up :P ).

                  Comment

                  Working...
                  X