On 2022-04-21 20:22, Andrei Borzenkov wrote:
On 21.04.2022 21:08, Axel Braun wrote:
Hi,
following issue: A system user (tryton) is created to run a ERP server. The user is a no-login user,
What exactly does it mean?
Maybe: /etc/passwd: colord:x:493:490:user for colord:/var/lib/colord:/sbin/nologin
and he does not belong to any group.
This is technically impossible. Every user belongs to at least one primary group.
Should this user be able to run 'sudo'?
How? This user cannot login, correct? User needs interactive session where sudo can request password. How this users obtains this interactive session?
But maybe a job (cronjob) could use sudo to run something, and sudo be configured to not ask for a password. Example: /etc/passwd: gdm:x:50:109:Gnome Display Manager daemon:/var/lib/gdm:/bin/false /etc/sudoers: # cer Telcontar = (gdm) NOPASSWD: /usr/bin/dbus-launch gnome-appearance-properties I don't remember if this worked. And anyway, it is not gdm using sudo. -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)