the sudoers file provides for specifying which commands a user is allowed to run.  If you make a sudo group on this computer then the users in that group do not need a password.  with these two features you can do what you want.


On 9/7/06, Roy Souther <[EMAIL PROTECTED]> wrote:
I think this is beyond the ability of SUDO but I need some solution.

I need to be able to setup some way for a bash script to be run only by regular users without any arguments and run by root with specific arguments that are gathered when it is run by a regular user.

So when Joe runs the script it sees that Joe is not root and so it builds some arguments and sends it off to itself or another script as root by some system that works like sudo.

The reason I think that sudo will not work is I cannot let people run the sudo script directly and add their own arguments. Example; sudo thescript h=1 y=45. If run as a normal user it must not allow arguments and when run as root the only arguments that are allowed are then ones generated when the script ran as a normal user.

The only way I think I could make sudo work for this is if the script when run with sudo as root would check the parent PID to find the program that called it, but I think that could be faked by creating another script of the same name. A solution to that would be to some how get the inode for the current script from the /proc/$$/ files. I know how to do that.

So is there a better way? Is there some option I can set in the sudoers file to do this?


Royce Souther
www.SiliconTao.com
Let Open Source help your business move beyond.

For security this message is digitally authenticated by GnuPG.




_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php )
**Please remove these lines when replying



_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying

Reply via email to