Dear All,

I am trying to allow a local user on the CentOS machine to be able to run yum.

What I have done is added him to the wheel group so that he can run software; basically it's his own machine, if he breaks it it's his problem.

But even after adding him to the wheel, sys and adm groups he is unable to install using yum.

I am sure I must be missing something or I must be doing something wrong.

Many Thanks

Harry

Hi Harry,

Try to implement sudoers and add the group "wheel" inside it (you can modify it in /etc/sudoers or by using the visudo command). In that way, all your users can use the yum command.

Cheers,
-james

--
Linux Registered User #380364

Hi James,

Yes, I tried to do this on another machine; unfortunately this didn't work for me. Good you raised this topic.

On the other machine I edited the visudo:

    User_Alias PROJECT = emma, paddy, sb
    PROJECT ALL = !/usr/su, !/bin/su, !/usr/bin/passwd

And then did this:

    paddy, emma, %PROJECT, %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

But no success: neither paddy nor emma could install software using yum, nor could they run any network commands :-(

I am sure I am doing something wrong. Tried to google but no luck :-(

--
Harry

On Thursday 26 June 2008 10:51:18 pm Harry Sukumar wrote:
> Dear All
>
> But even after adding him to wheel, sys and adm group he is unable to
> install using yum

Ok, I'm new to CentOS and yum, but it seems to me that installing software would need to have write permission to all the directories that the software installs to. This could include directories in /sbin /bin /usr /lib /etc...

If you want to do all using group, it would seem to me you would need to have the directories where software, libraries and configuration files install to all in the same group as yum unless you are using setuid.

I would suggest using sudo to allow the user to run the command yum with root ownership using his own password. You then would not have to worry about setuid and groups...

Harry Sukumar wrote:
> Hi James,
>
> Yes I tried to do this on another machine unfortunately this didn't
> work for me, good you raised this topic
>
> On the other machine I edited the visudo
>
> User_Alias PROJECT = emma, paddy, sb
> PROJECT ALL = !/usr/su, !/bin/su, !/usr/bin/passwd

I see you're trying to protect your users from becoming root. You do realise that with that sudo configuration a user can still run "sudo /bin/bash" or any of the other shells to gain root access.

Dean

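
Added example, not part of any message in this thread: a small Python lint over a simplified subset of sudoers syntax (single-line rules, one host, no escaped commas), run on a constructed sample built from the rules quoted above plus one "ALL minus a deny-list" rule. The function name `lint` and the finding codes are this example's own.

```python
import re

# Constructed sample: the two rules quoted in the thread, plus one
# "ALL minus a deny-list" rule and one Cmnd_Alias definition.
SAMPLE = """\
User_Alias PROJECT = emma, paddy, sb
PROJECT ALL = !/usr/su, !/bin/su, !/usr/bin/passwd
paddy, emma, %PROJECT, %sys ALL = NETWORKING, SOFTWARE
%wheel ALL = (ALL) ALL, !/bin/su
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/yum
"""

ALIAS = re.compile(r"(User|Runas|Host|Cmnd)_Alias\s+([A-Z][A-Z0-9_]*)\s*=")

def lint(text):
    """Return (line_no, code) findings for a simplified sudoers subset."""
    lines = [l.strip() for l in text.splitlines()]
    aliases = {m.group(2): m.group(1) for m in map(ALIAS.match, lines) if m}
    out = []
    for no, line in enumerate(lines, 1):
        if (not line or line.startswith(("#", "Defaults"))
                or ALIAS.match(line) or "=" not in line):
            continue
        lhs, rhs = line.split("=", 1)
        rhs = re.sub(r"^\s*\([^)]*\)", "", rhs)   # drop a Runas spec such as (ALL)
        rhs = re.sub(r"\b[A-Z_]+:", "", rhs)      # drop tags such as NOPASSWD:
        users = [u.strip() for u in lhs.strip().rsplit(None, 1)[0].split(",")]
        cmds = [c.strip() for c in rhs.split(",") if c.strip()]
        for u in users:
            # %name names a Unix group; a User_Alias is written without the %.
            if u.startswith("%") and aliases.get(u[1:]) == "User":
                out.append((no, "group-vs-alias:" + u[1:]))
        negated = [c for c in cmds if c.startswith("!")]
        if cmds and len(negated) == len(cmds):
            out.append((no, "only-negations"))    # this rule grants nothing
        if "ALL" in cmds and negated:
            out.append((no, "deny-list-on-ALL"))  # unlisted paths still run as root
        for c in cmds:
            name = c.lstrip("!")
            if (re.fullmatch(r"[A-Z][A-Z0-9_]*", name) and name != "ALL"
                    and aliases.get(name) != "Cmnd"):
                out.append((no, "undefined-cmnd-alias:" + name))
    return out

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On a real system, `visudo -c` checks syntax and `sudo -l -U <user>` lists what a given user is actually allowed to run.
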
Just a point of note:

When adding the wheel group to the sudoers file via visudo, it does not mean that the users in the wheel group can execute commands directly. It means that they can type:

    #sudo command options

for each enabled command in the sudoers file.

Now let's walk through some examples from my sudoers file:

    jpyeron ALL=(ALL) NOPASSWD: ALL

## allows user jpyeron logged in from ALL locations to act as ALL users without confirming jpyeron's password and execute ALL programs.

    # Uncomment to allow people in group wheel to run all commands
    # %wheel ALL=(ALL) ALL

## allows users in the wheel group logged in from ALL locations to act as ALL users executing ALL programs.

    # Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL

## allows users in the wheel group logged in from ALL locations to act as ALL users, without confirming his password, executing ALL programs.

    # Samples
    # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom

## allows users in the users group logged in from ALL locations to act as root and run either "/sbin/mount /cdrom" or "/sbin/umount /cdrom" without deviation of the command line.

    # %users localhost=/sbin/shutdown -h now

## allows users in the users group logged in from localhost (or console?) to act as root and execute "/sbin/shutdown -h now" only.

/* I gave up on quoting html emails... */

--
Jason Pyeron
PD Inc. http://www.pdinc.us
Principal Consultant