You are not logged in.

#1 2022-01-11 04:05:15

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

[SOLVED] SUDO Enable explicitly defined commands only for user

Hello. I write in visudo:
USER_NAME HOST_NAME=/usr/bin/pacman -S
But when i try "sudo pacman -S opera" it says i cant du that. I understand that "pacman -S" it's not the same "pacman -S opera".
What i have to write in "pacman -S (in there)" to allow install any applications?

Solution. Make script 'pac_setup'

if [[ $1 != -* ]]
then
pacman -S $1
fi

Change owner script to root. And write in visudo USER_NAME HOST_NAME=/path to script/pac_setup*

Last edited by TaTuKoMa (2022-01-19 12:20:29)

Offline

#2 2022-01-11 04:33:24

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

Interesting that work with "mount" command

Last edited by TaTuKoMa (2022-01-11 07:35:11)

Offline

#3 2022-01-11 04:40:39

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

man sudoers | less -p "PASSWD and NOPASSWD"

Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#4 2022-01-11 04:53:55

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

You can use wildcards to allow arbitrary arguments:

https://man.archlinux.org/man/sudoers.5#Wildcards
https://serverfault.com/questions/38302 … doers-file

The wildcards are somewhat limited so it's difficult to correctly restrict the arguments. For example, you should prevent users from passing options such as "pacman -S foo -y" and other variations that lead to full or partial upgrades, or options that can change install reasons (--asdeps, --asexplicit). The recommended solution would be to create a dedicated wrapper that filters command-line options to pacman -S. For example,

#/usr/bin/bash
set -eu
pkgnames=()
for arg in "$@"
do
  if [[ $arg == -* ]]
  then
    continue
  fi
  pkgnames+=("$arg")
done
/usr/bin/pacman -S "${pkgnames[@]}"

This is untested but should serve as a starting point.


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#5 2022-01-11 07:47:22

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

Sorry. It's just start work. I think problem was that i'm was not restart second terminal after save changes in visudo.

Offline

#6 2022-01-11 08:15:10

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

After reboot it's not work again.
It's because i was testet wildcards * and he not work. But start work after reboot terminal. And then i was delete it from visudo, because sink he don't need anymore.

Last edited by TaTuKoMa (2022-01-11 08:20:47)

Offline

#7 2022-01-12 13:19:20

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

Xyne wrote:
#/usr/bin/bash
set -eu
pkgnames=()
for arg in "$@"
do
  if [[ $arg == -* ]]
  then
    continue
  fi
  pkgnames+=("$arg")
done
/usr/bin/pacman -S "${pkgnames[@]}"

Please help me understand. Where i need write it? And what i have to write in visudo?

Offline

#8 2022-01-12 13:38:29

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

Post the contents of your sudoers file.


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#9 2022-01-12 18:04:28

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

Problem solved

Offline

#10 2022-01-12 18:09:51

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,740

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

TaTuKoMa wrote:

Problem solved

Please edit your first post, edit the title, and prepend [SOLVED] to the title.  You may need to shorten the title to get it all to fit.

Thanks


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#11 2022-01-12 19:13:18

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [SOLVED] SUDO Enable explicitly defined commands only for user


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#12 2022-01-14 19:05:53

TaTuKoMa
Member
Registered: 2021-11-14
Posts: 16

Re: [SOLVED] SUDO Enable explicitly defined commands only for user

ewaller wrote:
TaTuKoMa wrote:

Problem solved

Please edit your first post, edit the title, and prepend [SOLVED] to the title.  You may need to shorten the title to get it all to fit.

Thanks

Done

Offline

Board footer

Powered by FluxBB