[sudo-users] Giving access to one app for all users

Bob Proulx bob at proulx.com
Wed May 17 11:38:33 EDT 2006


Paul Thompson wrote:
> I have a client OS X 10.4.6 machine that I have created an
> AppleScript application on.  It is designed to replace the
> printers.conf file in the /etc/cups directory.  To be able to do
> that you need to enter an administrator's name and password to run
> the script.

The script you wrote asks for the name and password.  Gotcha.

> What I'm trying to do is remove that limitation for that one app so
> that any user, whether local or networked, will be able to run that
> script.  I have tried modifying the sudoers file in /etc/.

sudo will allow you to run the command as root but sudo will also ask
for your password.  So now you have one password question followed by
a name and password question.  Gotcha.

> I have added a command  
> alias under the command alias specification for the path to the app,  
> and added the line %users  ALL= NOPASSWD: PRINTING under the user  
> privilege specification.

> Cmnd_Alias PRINTING = /Applications/PrintScrip.app
> root    ALL=(ALL) ALL
> %admin  ALL=(ALL) ALL
> %users  ALL= NOPASSWD: PRINTING

This should allow all users in group "users" to run
/Applications/PrintScrip.app without a password.  Looks good.  So now
we only have your app asking for the name and password.  Gotcha.

> I would have thought that would have been what I needed, but when I
> log in as a regular user, it still gives me the dialogue box to
> enter a username and password.

Dialog box?  That would be your application, correct?  Isn't that what
you expect?

I am not familiar with your Mac OS X system but on my GNU systems sudo
does not pop up a dialog box.  If it needs a password it will ask for
it from the tty device with echo turned off.  If you are seeing a
dialog box it is probably from your application after sudo has started
it.

In the meantime, test sudo access using -l to list out what the user
can do.

  sudo -l

That should provide useful information.

Bob



More information about the sudo-users mailing list