[sudo-users] Giving access to one app for all users
Paul Thompson
p_thompson at mac.com
Wed May 17 13:03:47 EDT 2006
On 17-May-06, at 11:38 AM, Bob Proulx wrote:
>
> The script you wrote asks for the name and password. Gotcha.
>
> sudo will allow you to run the command as root but sudo will also ask
> for your password. So now you have one password question followed by
> a name and password question. Gotcha.
>
>> I have added a command
>> alias under the command alias specification for the path to the app,
>> and added the line %users ALL= NOPASSWD: PRINTING under the user
>> privilege specification.
>
>> Cmnd_Alias PRINTING = /Applications/PrintScrip.app
>> root ALL=(ALL) ALL
>> %admin ALL=(ALL) ALL
>> %users ALL= NOPASSWD: PRINTING
>
> This should allow all users in group "users" to run
> /Applications/PrintScrip.app without a password. Looks good. So now
> we only have your app asking for the name and password. Gotcha.
>
>> I would have thought that would have been what I needed, but when I
>> log in as a regular user, it still gives me the dialogue box to
>> enter a username and password.
>
> Dialog box? That would be your application, correct? Isn't that what
> you expect?
> I am not familiar with your Mac OS X system but on my GNU systems sudo
> does not pop up a dialog box. If it needs a password it will ask for
> it from the tty device with echo turned off. If you are seeing a
> dialog box it is probably from your application after sudo has started
> it.
>
> In the meantime, test sudo access using -l to list out what the user
> can do.
>
> sudo -l
>
> That should provide useful information.
>
> Bob
Hi Bob,
Thank you for your reply. I ran the sudo -l command, and here's
what I received back:
Pirates-Cove:/etc root# sudo -l
User paulthom may run the following commands on this host:
(ALL) ALL
(ALL) ALL
Pirates-Cove:/etc root#
which is odd, as I have a second admin user with the short name of
paul and he's not listed there. The dialogue box is from the
AppleScript app and I'm trying to remove it asking for a name and
password, which is why I thinking that if I modified the sudoers file
it would remove that barrier. Perhaps I am just approaching this
from the wrong way. Do you know if it is possible to change a file
using the command line, to fool it into thinking it's already
authenticated?
Thank you,
Paul
More information about the sudo-users
mailing list