[Gllug] sudo query
Bruce Richardson
itsbruce at uklinux.net
Tue Feb 5 15:40:46 UTC 2002
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 2/5/02, 3:17:28 PM, Vincent AE Scott <gllug at codex.net> wrote regarding
[Gllug] sudo query:
> I have a program that I want to use with sudo, the command can only be
> run by a defined user in /etc/sudoers. This works up to a point. The
> program that's started attempts to create a file in the real user's $HOME.
> This fails, as sudo does setuid(), and so the program no longer has
> permission to write there.
> So the question is, how do I get sudo to use the home directory of the
> user it's supposed to be running as? I've tried running sudo -H, but
> that makes no difference. Any ideas y'all?
Yes, actually. Obviously you can't access the real user's home directory
because the user sudo is switching to has no rights to the home directory.
So
1. Write a script something like this
#!/bin/bash
#
# /usr/local/bin/doforuser
# $1 is the login name of the real user
touch "/home/$1/filename"
dowhateveritwas
2. Give the user that this sudo command runs as the right to run this
script as any user in a group that you specify.
3. Modify your current script/program so that it takes the username of
the real user as a parameter (or find some way to get that info - does
sudo put it in an environmental variable?).
4. Have your current script run
/usr/local/bin/doforuser $username
So you, as a user, run the sudo-ed program which, when it needs to do
stuff in your home directory, runs a script sudo-ed as you.
You need to be careful how you set this up to avoid abuse (make sure that
it's not possible to log in as the special user etc)
--
Bruce
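
Added example, not part of the original message: a more defensive sketch of the doforuser script from step 1. It assumes the outer program passes the real user's login name (sudo exports it as SUDO_USER) and that the script is run via sudo as that user; the function names are hypothetical.

```bash
#!/bin/bash
# Hardened sketch of /usr/local/bin/doforuser (added example, hypothetical helpers).
LC_ALL=C; export LC_ALL

# Accept only conservative login names: no '/', '.', spaces or leading '-'.
valid_username() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the home directory recorded for user $1 in passwd-format file $2.
home_for() {
    awk -F: -v u="$1" '$1 == u { print $6; found = 1; exit }
                       END { exit !found }' "${2:-/etc/passwd}"
}

# Print the file the script may touch, or fail.
# $1 = requested user, $2 = user the script really runs as, $3 = passwd file (optional).
target_path() {
    valid_username "$1" || return 1
    [ "$1" = "$2" ] || return 1          # never act on someone else's home
    home=$(home_for "$1" "$3") || return 1
    case "$home" in /*) ;; *) return 1 ;; esac
    printf '%s/filename\n' "$home"
}

doforuser() {
    path=$(target_path "$1" "$(id -un)") || {
        echo "doforuser: refusing request for '$1'" >&2
        return 1
    }
    touch "$path"
    # dowhateveritwas   (placeholder from the post)
}

# Run only when called with an argument, e.g. doforuser "$username"
[ "$#" -eq 0 ] || doforuser "$@"
```

Looking the home directory up in the passwd database instead of assuming /home/$1 also covers users whose home lives elsewhere.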