You are not logged in.
Pages: 1
Hi,
First of all, everything works fine on my system. I'm just unfamiliar with groups and I've been wondering for a while how to avoid using sudo each time I want to use the wifi-menu program with a standard user (so not root). I'm just looking for a short explaination and solution (if possible) about this.
I've not seen any topic in the newbie corner like this one so here it is.
Offline
The program has to run as root. The question is how to achieve the privilege escalation.
Is the problem with sudo that you not want everyone to be a member of wheel?
Suppose they could not be a member of wheel, but could run wifi menu as sudo wifi-menu and then not have to enter a password, and the only program they could run with sudo would be wifi-menu. In the mean time, members of wheel could continue to run any program with sudo. Would that suffice?
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
I'll just leave this here.
Offline
Suppose they could not be a member of wheel, but could run wifi menu as sudo wifi-menu and then not have to enter a password, and the only program they could run with sudo would be wifi-menu. In the mean time, members of wheel could continue to run any program with sudo. Would that suffice?
That's a start ! On my machine I only have two users : root and me (etienne) which I added at system-install time to wheel. So if I understand this well : this only enable etienne to use 'sudo wifi-menu' whereas if etienne wasn't in wheel, only root could use this command so I'd have to run 'su' and then 'wifi-menu'. Am I wrong ?
Offline
Close. Read man sudoers
Using visudo, create a rule like this:
ALL ALL=(ALL) NOPASSWD: /usr/bin/wifi-menu
This should (I did not test it) allow anyone on your system to run sudo wifi-menu without having to enter a password.
If you leave out NOPASSWD, then anyone can run sudo wifi-menu, but they will be challanged for their password for their account before receiving privilege escalation. Regardless, the escalation for this rule will only be granted for wifi-menu
Edit: Now that I reread your post, you got it exactly. I may have overcomplicated things. If you only want your single non-root user to be able to use wifi-menu (or any other program) using sudo, add then to the wheel group and uncomment the
%wheel ALL=(ALL) ALL
line.
Last edited by ewaller (2015-09-08 17:01:21)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
Just thought I'd add, make sure you put the new rule ewaller mentions at the bottom of your sudoers file. The order matters.
Offline
Yes I need to read more the manual about sudoers. It is just not easy (to me at least) to understand everything without testing. And I don't want to make bad things on my system. But this begins to clear things !
Thank you.
Offline
Pages: 1