| 1 |
On Mon, 2006-10-02 at 21:31 +0100, Neil Bothwick wrote: |
| 2 |
> On Mon, 2 Oct 2006 15:38:39 -0400, Devon Miller wrote: |
| 3 |
> |
| 4 |
> > emerge app-admin/sudo |
| 5 |
> > |
| 6 |
> > Edit /etc/sudoers and add: |
| 7 |
> > |
| 8 |
> > username ALL= NOPASSWD: /etc/init.d/ner.wlan0 |
| 9 |
> > |
| 10 |
> > Where username is his login. To run it: |
| 11 |
> > sudo /etc/init.d/net.wlan0 restart |
| 12 |
> |
| 13 |
> A slightly more secure approach is to create a script to do what you want |
| 14 |
> the user to be able to do and add that to /etc/sudoers. Then you control |
| 15 |
> how the commands are executed as well as which commands. |
| 16 |
|
| 17 |
you can put arguments in the sudoers file. For example, |
| 18 |
|
| 19 |
username ALL=(ALL) NOPASSWD: /etc/init.d/net.wlan0 start |
| 20 |
|
| 21 |
would only allow "username" to start wlan0, but not stop / restart / |
| 22 |
anything else. |
| 23 |
|
| 24 |
(I would actually allow a restart, because sometimes my wlan0 goes down |
| 25 |
and the only way to get it back is to stop and start it). |
| 26 |
|
| 27 |
so for example, you could also say |
| 28 |
username ALL=(ALL) NOPASSWD: /sbin/fdisk -l |
| 29 |
|
| 30 |
which would allow username to run the safe fdisk -l, but not the unsafe |
| 31 |
fdisk. |
| 32 |
|
| 33 |
HTH, |
| 34 |
-- |
| 35 |
Iain Buchanan <iaindb at netspace dot net dot au> |
| 36 |
|
| 37 |
In the next world, you're on your own. |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-user@g.o mailing list |
Archives