[sudo-users] (Hopefully) quick policy question
Mihai Moldovan
ionic at ionic.de
Wed Sep 27 08:20:58 MDT 2023
* On 9/27/23 16:03, Jore wrote:
> Thanks for that.
>
> Okay, so here's what I've tried:
>
> [...]
> sudo /usr/bin/bash /root/acme.sh/acme.sh --force --issue --domain
> "${domain}" --webroot /var/lib/ssl/
> [...]
>
> root at test:~# cat /etc/sudoers.d/test
> test ALL = NOPASSWD: /usr/bin/bash /home/test/acme-wrapper.sh *
>
>
> And now logging in as test user:
>
> test at test:~$ bash /home/test/acme-wrapper.sh foo.example.com
> [sudo] password for test:
> sudo: a password is required
No, that's exactly the wrong way around.
Keep the call to /root/acme.sh/acme.sh (or /root/.acme.sh/acme.sh?) without a
prepended sudo call and, as the normal user, call "sudo bash
/home/test/acme-wrapper.sh foo.example.com". Your sudoers file is already
correctly set up for that to work.
Mihai
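
The arrangement described in the reply above, written out as an added example (not part of the original message, and not code from the sudo or acme.sh projects). The paths and acme.sh options are the ones quoted in the thread; the `valid_domain` helper and its rules are hypothetical additions, there because the sudoers rule's trailing `*` lets any arguments through.

```bash
#!/usr/bin/bash
# /home/test/acme-wrapper.sh -- run as: sudo bash /home/test/acme-wrapper.sh foo.example.com
# Paths and acme.sh options are the ones quoted in the thread; valid_domain()
# and its rules are hypothetical additions.
ACME_SH="/root/acme.sh/acme.sh"
WEBROOT="/var/lib/ssl/"

# The sudoers rule ends in "*", so sudo lets any arguments through.
# Accept only a hostname-shaped value before it reaches a root process.
valid_domain() (
    d=$1
    [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
    case "$d" in
        *[!A-Za-z0-9.-]* | .* | *. | *..*) return 1 ;;  # bad character or empty label
        *.*) ;;                                          # at least two labels
        *) return 1 ;;
    esac
    IFS=.
    for label in $d; do
        case "$label" in -* | *-) return 1 ;; esac       # would look like an option
        [ "${#label}" -le 63 ] || return 1
    done
    return 0
)

main() {
    if [ "$#" -ne 1 ] || ! valid_domain "$1"; then
        echo "usage: sudo bash /home/test/acme-wrapper.sh <domain>" >&2
        return 2
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root: start this wrapper through sudo" >&2
        return 1
    fi
    # No sudo here: the wrapper is already root, so acme.sh is called directly.
    /usr/bin/bash "$ACME_SH" --force --issue --domain "$1" --webroot "$WEBROOT"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

The NOPASSWD rule is only as tight as the file it names: if the test user can modify or replace /home/test/acme-wrapper.sh, the rule amounts to unrestricted root.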