[sudo-users] Run as multiple groups without password with sudo
khalidiste at gmail.com
Wed Apr 15 05:54:11 MDT 2015
I am trying to allow an normal user to run some applications under other
uids for process separations.
The applications should run with certain groups permissions (like audio or
In the sudoers file i can specify that a user bob can run as a
non-privileged user jailed_user without password:
bob ALL=(JAILED_USERS) NOPASSWD: ALL
So in order to execute the command i usually use:
$ sudo -u jailed_user -g somegroup MyCommand
But i can specify only one group, the only other option is to preserve
bob's group vector.
Is there a way i can pick the group vector with sodo?
And is it normal that i can choose any group without password?
for example by default i can run as group root without password, this seem
to be harmfull; i can easly search for files owned by root with group write
$ find / -group root -perm /g=w -type f
More information about the sudo-users