View previous topic :: View next topic |
Author |
Message |
wilsonsamm Apprentice
Joined: 12 Jul 2008 Posts: 196
|
Posted: Tue Aug 25, 2009 7:42 am Post subject: /proc/ readable and writeable by user |
|
|
How do I do this? I want to allow my users to suspend the computer, and view the kernel logs and such, but the /proc/ filesystem seems not to support UNIX style permissions. |
|
Back to top |
|
|
richard.scott Veteran
Joined: 19 May 2003 Posts: 1497 Location: Oxfordshire, UK
|
Posted: Tue Aug 25, 2009 8:35 am Post subject: |
|
|
Have you thought about using the "sudo" package?
You can give users access to specific commands rather than the /proc filesystem.
Rich |
|
Back to top |
|
|
wilsonsamm Apprentice
Joined: 12 Jul 2008 Posts: 196
|
Posted: Wed Aug 26, 2009 12:50 pm Post subject: |
|
|
I intend to put "echo disk > /sys/power/state" into the menu of the users' GUI. Can I pass root's password to sudo on the command line? |
|
Back to top |
|
|
richard.scott Veteran
Joined: 19 May 2003 Posts: 1497 Location: Oxfordshire, UK
|
Posted: Wed Aug 26, 2009 1:06 pm Post subject: |
|
|
That's the clever part with sudo is that you don't need to know or give out the root password.
Create a script with the following:
Code: | #!/bin/bash
echo disk > /sys/power/state |
and save it somewhere like /usr/local/bin/suspend
Add /usr/local/bin/suspend onto the users menu.
and add this into the bottom of the /etc/sudoers file (using the 'visudo' command).
Code: | %users ALL=NOPASSWD: /usr/local/bin/suspend |
Anyone in the "users" group should then be able to run that script which will in turn suspend the PC.
Rich |
|
Back to top |
|
|
wilsonsamm Apprentice
Joined: 12 Jul 2008 Posts: 196
|
Posted: Sat Aug 29, 2009 7:18 am Post subject: |
|
|
Ah
Great idea, thank you
in the /etc/sudoers file, can I have two lines there, and is this the appropriate syntax:?
Code: | %users ALL=NOPASSWD: /usr/local/bin/suspend
%users ALL=NOPASSWD: /usr/local/bin/kmsg |
Also, I don't like using visudo, so can I use nano or is this dangerous, and why/how? |
|
Back to top |
|
|
richard.scott Veteran
Joined: 19 May 2003 Posts: 1497 Location: Oxfordshire, UK
|
Posted: Sat Aug 29, 2009 10:33 am Post subject: |
|
|
Yes that entry looks ok. It should allow any user in the "users" group to run the commands.
Also, there's no problem in using Nano... I do just that
You need to set your "EDITOR" environment variable in your /etc/profile file.
to test do this:
Code: | # EDITOR=nano visudo |
and you should be able to edit the file with nano. |
|
Back to top |
|
|
|