| View previous topic :: View next topic |
| Author |
Message |
m_fighter
n00b
Joined: 20 May 2010
Posts: 22
|
 Posted: Thu May 26, 2011 3:40 pm Post subject: How to give users the ability to execute command as root? |
 |
|
but don't to give them root password?
Actually, the main task is giving the user write permission to the specific file.
I think, it should be a small program that run sudo and type password to stdout (but don't show it to user).
Is it possible?
For clarify: I know root password, but don't want to give it to another users. I don't have access to the computer, so only low privileged user can perform this operation.
I tried sudo, but user only have access to reboot and halt - so, there is no way to use sudo? |
|
| Back to top |
|
 |
mikegpitt
Advocate
Joined: 22 May 2004
Posts: 3224
|
| Posted: Thu May 26, 2011 3:56 pm Post subject: |
|
|
| If you only want to give the user the ability to write to a specific file use chown to change the file's ownership. They should be able to write to it if the parent directory structure at least allows read access to the file. Use chgrp if you want to give a group of users write access. Chmod is another option. |
|
| Back to top |
|
|
m_fighter
n00b
Joined: 20 May 2010
Posts: 22
|
| Posted: Fri May 27, 2011 2:11 am Post subject: |
|
|
I don't have any access to the computer. User can't execute chown, chgrp and so on, isn't it?
I need to give a permission to a user to execute ONE operation: chmod +w file.txt
So, what's the solution? |
|
| Back to top |
|
|
Jaglover
Watchman
Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana
|
|
| Back to top |
|
|
mikegpitt
Advocate
Joined: 22 May 2004
Posts: 3224
|
| Posted: Fri May 27, 2011 3:28 am Post subject: |
|
|
| m_fighter wrote: | I don't have any access to the computer. User can't execute chown, chgrp and so on, isn't it?
I need to give a permission to a user to execute ONE operation: chmod +w file.txt
So, what's the solution? |
If you don't have access to the machine you are out of luck. If your plan was to instead create a C executable that changes the file's permissions with sudo (as opposed to using chown or chmod), you would still need to log in as root to update the /etc/sudoers file.
Basically, you can't grant someone permissions if you can't log into the machine and give access. The only way for a user with bad permissions to be able to do this is to exploit a security hole in the system and have the exploit run the command -- probably not an ideal scenario.
One option to connect to the machine if you have network access available, and assuming the machine isn't running sshd -- have the user start sshd under their username. Then log in as that user (you will need their password), and then use su to get root access. This of course assumes the user is in the wheel group.
Or... if the user has access to the machine, you can have them reboot it in single user mode, and tell them the command to run (or have them add sshd to the default runlevel, and you can change it upon reboot). |
|
| Back to top |
|
|
m_fighter
n00b
Joined: 20 May 2010
Posts: 22
|
| Posted: Fri May 27, 2011 7:55 am Post subject: |
|
|
Ok, thanks for your answers.
So, there is no way to do it 
I don' have access to these computers because they are settled in different cities without any network.
Unfortunately, sudo was configured properly  - there is no access to any command except reboot and halt. |
|
| Back to top |
|
|
|
Networking & Security
