From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1GUX92-0006iH-QQ for garchives@archives.gentoo.org; Mon, 02 Oct 2006 23:24:21 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.8/8.13.6) with SMTP id k92NNFl8026063; Mon, 2 Oct 2006 23:23:15 GMT Received: from mail.netspace.net.au (cirrus.netspace.net.au [203.10.110.92]) by robin.gentoo.org (8.13.8/8.13.6) with ESMTP id k92NJ2p5022641 for ; Mon, 2 Oct 2006 23:19:03 GMT Received: from orpheus (ppp246-231.static.internode.on.net [203.122.246.231]) by mail.netspace.net.au (Postfix) with ESMTP id DC84B17015A for ; Tue, 3 Oct 2006 09:19:00 +1000 (EST) Subject: Re: [gentoo-user] Allow a user to restart net.wlan0? From: Iain Buchanan To: gentoo-user@lists.gentoo.org In-Reply-To: <20061002213138.1de2f106@hactar.digimed.co.uk> References: <5bdc1c8b0610021153q3865ff1ap28c83f8acead9a0a@mail.gmail.com> <20061002213138.1de2f106@hactar.digimed.co.uk> Content-Type: text/plain Date: Tue, 03 Oct 2006 08:48:59 +0930 Message-Id: <1159831139.8800.4.camel@orpheus> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.6.2 Content-Transfer-Encoding: 7bit X-Archives-Salt: 40b3cb8e-e258-49f1-9fb9-2d5e33642697 X-Archives-Hash: 916b3733aca5076ed4b6b980982c444c On Mon, 2006-10-02 at 21:31 +0100, Neil Bothwick wrote: > On Mon, 2 Oct 2006 15:38:39 -0400, Devon Miller wrote: > > > emerge app-admin/sudo > > > > Edit /etc/sudoers and add: > > > > username ALL= NOPASSWD: /etc/init.d/ner.wlan0 > > > > Where username is his login. To run it: > > sudo /etc/init.d/net.wlan0 restart > > A slightly more secure approach is to create a script to do what you want > the user to be able to do and add that to /etc/sudoers. Then you control > how the commands are executed as well as which commands. you can put arguments in the sudoers file. For example, username ALL=(ALL) NOPASSWD: /etc/init.d/net.wlan0 start would only allow "username" to start wlan0, but not stop / restart / anything else. (I would actually allow a restart, because sometimes my wlan0 goes down and the only way to get it back is to stop and start it). so for example, you could also say username ALL=(ALL) NOPASSWD: /sbin/fdisk -l which would allow username to run the safe fdisk -l, but not the unsafe fdisk. HTH, -- Iain Buchanan In the next world, you're on your own. -- gentoo-user@gentoo.org mailing list