|
Key
This line was removed.
This word was removed. This word was added.
This line was added.
|
Changes (23)
View Page History...
2.- Create a new gcusers group
{code:none}
$ sudo addgroup --system --quiet gcusers
3.- Change galicaster log and conf files permissions.
{code:none}
$ ETCDIR="/etc/galicaster"
$ LOGDIR="/var/log/galicaster"
$ sudo chown -R gcuser:gcuser ${ETCDIR}
sudo chown -R gcuser:gcuser \${ETCDIR}
$ sudo find ${ETCDIR} -type d -exec chmod 0770 {} \;
$ sudo find ${ETCDIR} -type f -exec chmod 0660 {} \;
$ sudo install -d -o gcuser -g gcuser -m770 \${LOGDIR}
$ sudo touch ${LOGDIR}/galicaster.log
$ sudo chown gcuser:gcuser ${LOGDIR}/galicaster.log
$ sudo chmod 660 ${LOGDIR}/galicaster.log
$ sudo chown gcuser:gcuser ${LOGDIR}/galicaster.log
$ sudo chmod 660 ${LOGDIR}/galicaster.log
sudo touch \${LOGDIR}/galicaster.log
sudo chown gcuser:gcuser \${LOGDIR}/galicaster.log
sudo chmod 660 \${LOGDIR}/galicaster.log
{code}
sudo chown gcuser:gcuser \${LOGDIR}/galicaster.log
sudo chmod 660 \${LOGDIR}/galicaster.log
{code}
4.- Add the application to sudoers.d
{code:none}
$ sudo sh -c 'cat >/etc/sudoers.d/galicaster <<EOF
%gcusers ALL=(gcuser:gcuser) NOPASSWD: /usr/bin/python /usr/share/galicaster/run_galicaster.py
EOF'
EOF'
$ sudo chmod 0440 /etc/sudoers.d/galicaster
{code}
5.- Modify galicaster bin
{code:none}
$ sudo sh -c 'cat >/usr/bin/galicaster <<EOF
#!/bin/sh
sudo -g gcuser /usr/bin/python /usr/share/galicaster/run_galicaster.py
EOF'
sudo -g gcuser /usr/bin/python /usr/share/galicaster/run_galicaster.py
EOF'
$ sudo chmod -R 755 /usr/bin/galicaster
{code}
6.- Add the normal user to the gcusers group (you need to do this for each user you want to be able to run galicaster)
{code:none}
$ sudo addgroup `whoami` gcusers
{code}
Finally you need to close the session so the permission changes are applied correctly.
...