[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Discuss-gnuradio] out-of-tree module without root privileges
From: |
Fons Adriaensen |
Subject: |
Re: [Discuss-gnuradio] out-of-tree module without root privileges |
Date: |
Sat, 12 Nov 2016 10:06:47 +0000 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Sat, Nov 12, 2016 at 07:27:04AM +0100, Sylvain Munaut wrote:
> Once you authorize someone to use sudo, he _is_root for all intents
> and purposes, you realize that right ?
In general that's not true, you can just allow some specific
commands via sudo.
But of course, in this case it's true since the makefile could
contain any command you want.
Assuming the install operation requires a fixed set of commands,
you could
- make a script 'install_oot' doing exactly what is required,
- block all user access to this script,
- allow users to run it - and nothing else - via sudo.
Ciao,
--
FA
A world of exhaustive, reliable metadata would be an utopia.
It's also a pipe-dream, founded on self-delusion, nerd hubris
and hysterically inflated market opportunities. (Cory Doctorow)