[sudo-users] use of sudo with -g option
Michael Potter
michael at potter.name
Fri May 14 21:32:24 EDT 2010
Sudo Crew,
I am trying to understand how the -g option works. Here are some of my tests:
pottmi:~ pottmi$ id
uid=501(pottmi) gid=501(pottmi)
groups=501(pottmi),101(com.apple.sharepoint.group.1),204(_developer),100(_lpoperator),98(_lpadmin),81(_appserveradm),80(admin),79(_appserverusr),61(localaccounts),12(everyone),402(com.apple.access_screensharing)
pottmi:~ pottmi$ sudo -u root -g everyone id
Password:
Sorry, user pottmi is not allowed to execute '/usr/bin/id' as
root:everyone on pottmi.local.
So, I add this rule:
pottmi ALL=(root:everyone) /usr/bin/id
And try again:
pottmi:~ pottmi$ sudo -u root -g everyone id
uid=0(root) gid=0(wheel)
groups=0(wheel),101(com.apple.sharepoint.group.1),204(_developer),100(_lpoperator),98(_lpadmin),80(admin),61(localaccounts),29(certusers),20(staff),12(everyone),9(procmod),8(procview),5(operator),4(tty),3(sys),2(kmem),1(daemon),402(com.apple.access_screensharing)
pottmi:~ pottmi$ sudo -V
Sudo version 1.7.0
So, here are my questions:
1) Where is it documented to specify a group in the runas user
specification? I did not find it anywhere in doc, I just guessed.
2) Why doesn't the id command report gid=12? [12 is everyone's group id]
--
Michael Potter
More information about the sudo-users
mailing list