I want to allow my students to execute a program on the server with no network cards for testing purposes.
My plan is adding this script to the server (called nonetwork):
#!/bin/sh
set -e
ID="$(id -u)"
if [ -z "$NONETWORKESCALATED" ] && [ "$ID" = 0 ]; then
    # called directly as root, just call unshare
    exec unshare -n "$@"
fi
if [ "$ID" != 0 ]; then
    # not root yet, escalate (passes the caller's uid as the first argument)
    exec sudo -E NONETWORKESCALATED=1 "$0" "$ID" "$@"
fi
# escalated, execute programs as user
ID=$1
shift 1
# abort with a message if no program was given
prg=${1:?What to execute?}
exec unshare -n sudo -E -u "#$ID" "$@"
Each user is part of the group users, and I want to allow users to execute this script via sudo without a password. Of course root itself can use sudo freely.
So my question is, am I missing anything that might be used to escalate rights via this script?
each user is part of the group users and I want to allow to execute this script via sudo without password for users
/etc/sudoers
.......
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
.....
I am missing the point of showing a part of the default sudoers... but thanks anyway.
I was thinking something like this:
%users ALL = NOPASSWD: /usr/local/bin/nonetwork
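An added example, not code from any post in this thread: a variant of the nonetwork wrapper for the `%users ALL = NOPASSWD: /usr/local/bin/nonetwork` rule that takes the uid to drop to from `SUDO_UID`, which sudo sets itself, rather than from an argument or environment flag the caller supplies. The function names `target_uid` and `main` are assumptions of this example.

```shell
#!/bin/sh
# Hardened variant of the nonetwork wrapper (added example; names are assumptions).
set -eu

# Print the uid the command must run as, or fail.
#   $1 = effective uid of this process
#   $2 = SUDO_UID as exported by sudo (empty if sudo was not involved)
target_uid() {
    euid=$1
    sudo_uid=$2
    if [ "$euid" != 0 ]; then
        echo "nonetwork: privileged half reached without root" >&2
        return 1
    fi
    case $sudo_uid in
        '')       echo 0 ;;             # root ran the script directly
        *[!0-9]*) echo "nonetwork: SUDO_UID is not numeric" >&2
                  return 1 ;;
        *)        echo "$sudo_uid" ;;   # uid of whoever invoked sudo
    esac
}

main() {
    if [ "$#" -eq 0 ]; then
        echo "usage: nonetwork command [args...]" >&2
        return 2
    fi
    if [ "$(id -u)" != 0 ]; then
        # No -E and no uid argument: nothing the caller sets is carried
        # into the root half except the command line to run.
        exec sudo -- "$0" "$@"
    fi
    uid=$(target_uid "$(id -u)" "${SUDO_UID:-}") || return 1
    if [ "$uid" = 0 ]; then
        # The invoker was already root; only detach the network.
        exec unshare -n -- "$@"
    fi
    # New network namespace first, then drop to the invoking user.
    exec unshare -n -- sudo -u "#$uid" -- "$@"
}

# Run only when a command was given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Because the inner `sudo` no longer uses `-E`, the program starts with sudo's default reset environment instead of the student's.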