best way to add www to wheel
Aryeh Friedman
aryeh.friedman at gmail.com
Wed Jan 29 22:08:13 UTC 2014
Forgot to mention there are more then just those commands but the idea is
still valid (about 6 commands currently need to be setuid but the list may
grow)
On Wed, Jan 29, 2014 at 5:05 PM, Aryeh Friedman <aryeh.friedman at gmail.com>wrote:
> Only issue with that is when I asked a few months ago how to -ports@ how
> to make the port edit sudoers the idea was universally shot down (then it
> was to add it to do it for the default %WHEEL NOPASSWD entry and it was
> before petitecloud was password protected [it is this criticism that lead
> to the password protection in the first place)
>
>
> On Wed, Jan 29, 2014 at 4:41 PM, Łukasz Wąsikowski <lukasz at wasikowski.net>wrote:
>
>> W dniu 2014-01-29 22:26, Aryeh Friedman pisze:
>>
>> > Cross post on purpose because people on -virtualization@ are likely
>> more
>> > familur with bhyve and it's requirements as well knowing what
>> petitecloud
>> > is and what it needs to do (the whole issue is without adding www to
>> wheel
>> > start/stop do not work from the webui)
>>
>> Use security/sudo, maybe with config similar to this this:
>>
>> Cmnd_Alias PETITECLOUD = /usr/sbin/service petitecloud stop,
>> /usr/sbin/service petitecloud start, /usr/sbin/service petitecloud restart
>> www ALL=(ALL) NOPASSWD: PETITECLOUD
>>
>> This way user www can run sudo /usr/sbin/service petitecloud
>> (stop|start|restart) as root (and only those exact commands with those
>> exact parameters). It's a "little" bit safer than your approach which is
>> huge security hole.
>>
>> --
>> best regards,
>> Lukasz Wasikowski
>>
>
>
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>
--
Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
More information about the freebsd-virtualization
mailing list