[sudo-users] Giving access to one app for all users

Paul Thompson p_thompson at mac.com
Wed May 17 13:03:47 EDT 2006 

On 17-May-06, at 11:38 AM, Bob Proulx wrote:
>
> The script you wrote asks for the name and password.  Gotcha.
>
> sudo will allow you to run the command as root but sudo will also ask
> for your password.  So now you have one password question followed by
> a name and password question.  Gotcha.
>
>> I have added a command
>> alias under the command alias specification for the path to the app,
>> and added the line %users  ALL= NOPASSWD: PRINTING under the user
>> privilege specification.
>
>> Cmnd_Alias PRINTING = /Applications/PrintScrip.app
>> root    ALL=(ALL) ALL
>> %admin  ALL=(ALL) ALL
>> %users  ALL= NOPASSWD: PRINTING
>
> This should allow all users in group "users" to run
> /Applications/PrintScrip.app without a password.  Looks good.  So now
> we only have your app asking for the name and password.  Gotcha.
>
>> I would have thought that would have been what I needed, but when I
>> log in as a regular user, it still gives me the dialogue box to
>> enter a username and password.
>
> Dialog box?  That would be your application, correct?  Isn't that what
> you expect?

> I am not familiar with your Mac OS X system but on my GNU systems sudo
> does not pop up a dialog box.  If it needs a password it will ask for
> it from the tty device with echo turned off.  If you are seeing a
> dialog box it is probably from your application after sudo has started
> it.
>
> In the meantime, test sudo access using -l to list out what the user
> can do.
>
>   sudo -l
>
> That should provide useful information.
>
> Bob

   Hi Bob,

   Thank you for your reply.  I ran the sudo -l command, and here's  
what I received back:

Pirates-Cove:/etc root# sudo -l
User paulthom may run the following commands on this host:
     (ALL) ALL
     (ALL) ALL
Pirates-Cove:/etc root#

   which is odd, as I have a second admin user with the short name of  
paul and he's not listed there.  The dialogue box is from the  
AppleScript app and I'm trying to remove it asking for a name and  
password, which is why I thinking that if I modified the sudoers file  
it would remove that barrier.  Perhaps I am just approaching this  
from the wrong way.  Do you know if it is possible to change a file  
using the command line, to fool it into thinking it's already  
authenticated?

   Thank you,

   Paul

More information about the sudo-users mailing list