LINUX.ORG.RU

Ответ на: комментарий от ne-vlezay 
Executing commands as another user

One challenge system administrators face is the contradictory requirement of multiple people managing machines using logins that shouldn't be shared. The doas(1) tool can solve this problem by permitting a certain subset of users to run predetermined commands as another user. Regular users can run administrative commands, only needing to authenticate as themselves, rather than needing the root password.
For example, if appropriately configured, the following command would display root's crontab(5) file:

$ doas crontab -l -u root
All commands are logged to /var/log/secure. Check the doas.conf(5) manual for configuration examples.
int13h ★★★★★
()
Ответ на: комментарий от ne-vlezay 
EXAMPLES

The following example permits user aja to install packages from a preferred mirror; group wheel to execute commands as any user while keeping the environment variables PS1 and SSH_AUTH_SOCK and unsetting ENV; permits tedu to run procmap as root without a password; and additionally permits root to run unrestricted commands as itself.
permit persist setenv { PKG_CACHE PKG_PATH } aja cmd pkg_add 
permit setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel 
permit nopass tedu as root cmd /usr/sbin/procmap 
permit nopass keepenv root as root
int13h ★★★★★
()
Ответ на: комментарий от int13h 
# Allow wheel by default
permit keepenv :wheel
permit keepenv :root
permit nopass keepenv root as root
permit nopass keepenv _bitcoind as _bitcoind




# doas -u _bitcoind id       
doas (root@btc.ne-vlezay80.lan) password: 
doas: Operation not permitted
# doas -u _bitcoind id 
doas (root@btc.ne-vlezay80.lan) password: 
doas: Operation not permitted
# doas -u _bitcoind id 
doas (root@btc.ne-vlezay80.lan) password:

Всё равно запрашивает пароль, при попытке выполнить данные от другово пользователя

ne-vlezay ★★★★★
() автор топика
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.
General