Pavnay

 

[System] Allow a non-root user to execute a privileged program

Who has never run a program as a non-root user and been greeted by the famous "Permission denied"?
There are several ways to resolve this, such as belonging to the right group or giving the user sudo rights.


Belong to the right group:
Permissions under Linux are divided among 3 entities:
  • the user
  • the group
  • the other
Some program installations create a dedicated user and group (e.g. postfix and kvm).
So, in order to use such a program, the user must belong to its group.
To authorize a user, just run (here for kvm):

sudo adduser $USER kvm


The sudo rights:

sudo is a program that lets a user run a program temporarily with root rights. This is really useful when we must change system security settings.
A simple example is the httpd server from the Apache Foundation. This server opens port 80 to listen, but for security reasons only the root user can open ports below 1024, which is awkward for some people, such as developers.
The solution consists of modifying the system settings so that users other than root are authorized to do this.
The file to modify is /etc/sudoers, but only root can do so, using visudo or sudoedit /etc/sudoers.

Example allowing users belonging to the dev group to launch apache2:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults    env_reset

# Host alias specification

# User alias specification
User_Alias DEV=febbweiss

# Cmnd alias specification
Cmnd_Alias APACHE=/usr/local/apache2/bin/apachectl

# User privilege specification
root    ALL=(ALL) ALL

# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
# %sudo ALL=NOPASSWD: ALL

# Members of the dev group may run the APACHE commands without a password
%dev ALL=(ALL) NOPASSWD: APACHE

Some explanations:
  • Cmnd_Alias associates a list of programs (comma-separated if there are several) with an alias (here apachectl)
  • %dev ALL=(ALL) NOPASSWD: APACHE means that all users in the dev group can run the commands defined by the APACHE alias. For a specific user rather than a group, delete the %.
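
A rule like the one above is only as safe as the file it points to: if a member of dev could replace apachectl or rename it within its directory, the NOPASSWD entry would run their file as root. The script below is an added example, not part of the original article, that checks every path named in a Cmnd_Alias line; the function names are hypothetical and it assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example (not from the original article): audit the programs that
# Cmnd_Alias lines in a sudoers file hand out. Function names are
# hypothetical; `stat -c` is the GNU coreutils form found on Linux.

# check_path PATH [OWNER_UID]
# Succeeds only if PATH and its parent directory are owned by OWNER_UID
# (default 0 = root) and are not writable by group or others.
check_path() {
    owner=${2:-0}
    for p in "$1" "$(dirname "$1")"; do
        [ -e "$p" ] || { echo "MISSING  $p"; return 1; }
        info=$(stat -c '%u %a' "$p") || return 1
        uid=${info% *}
        mode=${info#* }
        [ "$uid" = "$owner" ] || { echo "OWNER    $p (uid $uid)"; return 1; }
        # 022 = write bits for group and others; the leading 0 makes it octal
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "WRITABLE $p (mode $mode)"; return 1; }
    done
    echo "OK       $1"
}

# audit_sudoers FILE [OWNER_UID]
# Checks the first word (the program path) of every comma-separated entry
# on each Cmnd_Alias line. Simplification: backslash-continued lines and
# several aliases on one line (':' separator) are not parsed.
audit_sudoers() {
    rc=0
    for cmd in $(sed -n 's/^Cmnd_Alias[[:space:]]*[A-Z0-9_]*[[:space:]]*=//p' "$1" |
                 tr ',' '\n' | awk '{print $1}'); do
        check_path "$cmd" "${2:-0}" || rc=1
    done
    return $rc
}

# Usage: sh audit.sh /etc/sudoers   (reading /etc/sudoers requires root)
if [ $# -gt 0 ]; then
    audit_sudoers "$@"
fi
```

Any line other than OK means the sudoers entry should not be trusted until the ownership or mode of that path is corrected.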

