Loading sub-menu...

Galicaster sudoer conf

compared with
Key
This line was removed.
This word was removed. This word was added.
This line was added.

Changes (23)

View Page History
2.- Create a new gcusers group

{code:none}
$ sudo addgroup --system --quiet gcusers

3.- Change galicaster log and conf files permissions.

{code:none}
$ ETCDIR="/etc/galicaster"
$ LOGDIR="/var/log/galicaster"

$ sudo chown -R gcuser:gcuser ${ETCDIR}
sudo chown -R gcuser:gcuser \${ETCDIR}
$ sudo find ${ETCDIR} -type d -exec chmod 0770 {} \;
$ sudo find ${ETCDIR} -type f -exec chmod 0660 {} \;

$ sudo install -d -o gcuser -g gcuser -m770 \${LOGDIR}
$ sudo touch ${LOGDIR}/galicaster.log
$ sudo chown gcuser:gcuser ${LOGDIR}/galicaster.log
$ sudo chmod 660 ${LOGDIR}/galicaster.log
sudo touch \${LOGDIR}/galicaster.log
sudo chown gcuser:gcuser \${LOGDIR}/galicaster.log
sudo chmod 660 \${LOGDIR}/galicaster.log
{code}

4.- Add the application to sudoers.d

{code:none}
$ sudo sh -c 'cat >/etc/sudoers.d/galicaster <<EOF
%gcusers ALL=(gcuser:gcuser) NOPASSWD: /usr/bin/python /usr/share/galicaster/run_galicaster.py
EOF'
$ sudo chmod 0440 /etc/sudoers.d/galicaster
{code}


5.- Modify galicaster bin

{code:none}
$ sudo sh -c 'cat >/usr/bin/galicaster <<EOF
#!/bin/sh
sudo -g gcuser /usr/bin/python /usr/share/galicaster/run_galicaster.py
EOF'
$ sudo chmod -R 755 /usr/bin/galicaster
{code}


6.- Add the normal user to the gcusers group (you need to do this for each user you want to be able to run galicaster)

{code:none}
$ sudo addgroup `whoami` gcusers
{code}

Finally you need to close the session so the permission changes are applied correctly.