I would like to set a specific command to not require sudo privileges, is there a way to accomplish this? I know you can add commands to the sudoer file to allow certain commands to be used by non root accounts, so maybe there is something similar for adding commands to allow regular users to use?

  • tal
    link
    fedilink
    English
    arrow-up
    4
    ·
    6 months ago

    since it can lead to security vulnerabilities.

    Most software isn’t written to be hardened for that kind of invocation.

    Also, IIRC you can also do the same thing with the sgid bit.

    goes to check

    Yeah.

    $ mkdir test
    $ cd test
    $ cp /bin/id ./
    $ ls -ln id
    -rwxr-xr-x 1 1000 1000 48144 Jun  6 10:56 id
    $ ./id -g
    1000
    $ sudo chgrp 1001 id 
    $ sudo chmod g+s id 
    $ ./id -g
    1001
    $ ./id -gr
    1000
    $ 
    
    • Ferk@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      6 months ago

      True, SGID would affect the group it runs as, while SUID affects the user.

      You could set up things so that a group has permissions to do what you want, instead of the root user. But then this also depends on the usecase, I’m not sure if having root group permissions would be enough in all cases.