[sudo-users] group in Runas

mlh at zip.com.au
Thu Sep 30 10:22:02 EDT 2004


I've just been reading the man page for sudoers
and noticed the group stuff for Runas_User.

I tried putting this rule in sudoers:

 mlh     ALL=(root,%root,%bin,%daemon,%sys) /bin/id

and visudo doesn't complain about it.

But I'm not sure of how to invoke it or the semantics!

I tried  

 sudo -u root,%root,%bin,%daemon,%sys /bin/id

but that came back with 
 sudo: no passwd entry for root,%root,%bin,%daemon,%sys!

Background: I wrote a little program to use setgroups(2)
and then run a shell that I call 'hat'.  But then I
wondered whether I could do the same thing in sudo.

Transcript of hat example:

bash-2.05b$ id -a
uid=501(mlh) gid=501(mlh) groups=501(mlh)
bash-2.05b$ hat
bash-2.05b$ id -a
uid=501(mlh) gid=501(mlh) groups=1(bin),2(daemon),3(sys),4(adm),5(tty),6(disk),7(lp)

This version has a hardwired list of groups 1->7, just for testing.


--
Matt
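
Added example, not part of the original post: a small model of how sudoers reads the Runas list in the rule above. A %group entry admits any target user who belongs to that group, and -u names exactly one account. The passwd/group tables and the function names are constructed for illustration; negation with ! and Runas_Alias are left out.

```python
# Constructed passwd/group data (not from the post): name -> (uid, primary gid)
PASSWD = {"root": (0, 0), "bin": (1, 1), "daemon": (2, 2),
          "adm": (3, 4), "mlh": (501, 501)}
# name -> (gid, supplementary members)
GROUP = {"root": (0, ["root"]), "bin": (1, ["root", "bin", "daemon"]),
         "daemon": (2, ["root", "bin", "daemon"]),
         "sys": (3, ["root", "bin", "adm"]), "mlh": (501, [])}

# The rule exactly as quoted in the post.
RULE = "mlh     ALL=(root,%root,%bin,%daemon,%sys) /bin/id"


def runas_list(rule):
    """Return the Runas_List members found between '(' and ')' in a rule."""
    inner = rule[rule.index("(") + 1:rule.index(")")]
    return [m.strip() for m in inner.split(",") if m.strip()]


def in_group(user, group):
    """True if group is the user's primary group or lists the user as a member."""
    if group not in GROUP:
        return False
    gid, members = GROUP[group]
    return PASSWD[user][1] == gid or user in members


def member_matches(member, user):
    """Match one Runas_List member against a single target user name."""
    if member.startswith("%"):          # %group: any user in that group
        return in_group(user, member[1:])
    if member.startswith("#"):          # #uid: numeric user ID
        return member[1:].isdigit() and PASSWD[user][0] == int(member[1:])
    return member == user               # plain user name


def runas_allows(rule, target):
    """Decide whether `sudo -u target` is covered by the rule's Runas_List."""
    if target not in PASSWD:            # -u names exactly one account
        raise LookupError("no passwd entry for %s!" % target)
    return any(member_matches(m, target) for m in runas_list(rule))


if __name__ == "__main__":
    for name in ("root", "daemon", "adm", "mlh"):
        print(name, runas_allows(RULE, name))
```

Passing the whole list as the target, as in the failing command above, raises the lookup error because no single account has that name.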