• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: sudoing into root
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sudoing into root

  • Subject: Re: sudoing into root
  • From: Graff <email@hidden>
  • Date: Mon, 24 May 2004 13:59:08 -0400
Why not just make one user part of the admin group and then also give him the NOPASSWD flag? Then you can have a second user with normal admin privileges, third user with normal privileges, etc.

The user with full NOPASSWD privileges would be pretty insecure to have on a machine but it would still be more secure than allowing everyone full privileges. Then you wouldn't need to maintain two machines, you could just switch users using the Fast User Switching and you would have the different privileges to test out.

Plus then there would be no real need to toggle the sudoers file, which really should only be edited with the visudo tool for safety.

I believe that all you need to do to make this work is to create a user, say 'foo', make him an admin, and then add this line to the sudoers file:

foo ALL=(ALL) NOPASSWD:ALL

- Ken

On May 24, 2004, at 10:24 AM, Gnarlodious wrote:

It seems that editing an existing file does not involve the container's
ownership but when writing a nonexistent file suddenly the container's
ownership is called into the equation.

The solution is to set the container's owner to a qualified user or group
before writing the file and then change it back afterwards.

This was not a problem until recently, when I modified my sudoers file to
remove myself as a sudoer.

With this line giving me uncontrolled access:
user ALL=(ALL) NOPASSWD:ALL
it turned out I was writing scripts that others could not authenticate.
I suppose I shall maintain one machine with myself as 'unsudoed' for script
testing purposes. The sudoers file trick really makes it a lot easer to "do
stuff" but it is not easily edited, in fact, it will not even run if
permissions and mode are not right.

So, an Applescript for sudoers toggling? What a concept!
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.

References: 
 >Re: sudoing into root (From: Gnarlodious <email@hidden>)

  • Prev by Date: Re: Unacceptable Rudeness (was "Unsafe Handlers Revisited")
  • Next by Date: Re: AppleScript Users Archives
  • Previous by thread: Re: sudoing into root
  • Next by thread: Distiller problem
  • Index(es):
    • Date
    • Thread