[sudo-users] group in Runas
mlh at zip.com.au
mlh at zip.com.au
Thu Sep 30 10:22:02 EDT 2004
I've just been reading the man page for sudoers
and noticed the group stuff for Runas_User.
I tried putting this rule in sudoers:
mlh ALL=(root,%root,%bin,%daemon,%sys) /bin/id
and visudo doesn't complain about it.
But I'm not sure of how to invoke it or the semantics!
I tried
sudo -u root,%root,%bin,%daemon,%sys /bin/id
but that came back with
sudo: no passwd entry for root,%root,%bin,%daemon,%sys!
Background: I wrote a little program to use setgroups(2)
and then run a shell that I call 'hat'. But then
wondered whether I could do the same thing in sudo.
transcript of hat example:
bash-2.05b$ id -a
uid=501(mlh) gid=501(mlh) groups=501(mlh)
bash-2.05b$ hat
bash-2.05b$ id -a
uid=501(mlh) gid=501(mlh) groups=1(bin),2(daemon),3(sys),4(adm),5(tty),6(disk),7(lp)
This version has a hardwired list of groups 1->7 , just for testing.
--
Matt
More information about the sudo-users
mailing list