sudo env for a special group
Hi, I'd like to have a few extras variables in a sudo session for a special user or group. I created a new file "mygroup" in /etc/sudoers.d/ with these contents: Defaults exempt_group = mygroup Defaults:%mygroup env_keep="PERL5LIB DISPLAY XAUTHORITY" Is this the correct way to do this? Thx! Bye. Michael.
Michael, et al -- ...and then mh@mike.franken.de said... % ... % % Defaults exempt_group = mygroup % Defaults:%mygroup env_keep="PERL5LIB DISPLAY XAUTHORITY" % % Is this the correct way to do this? 1) You don't want "Defaults" (which I'm almost sure has no colon) in order to apply to a single group. Just %mygroup env_keep = "PERL5LIB DISPLAY XAUTHORITY" will do. Defaults applies to everyone. 2) Is "mygroup" an actual OS group a nonunix group? You want %:mygroup in the latter case. 3) Have you tried it? :-) % % Thx! % % Bye. % Michael. HTH & HAND :-D -- David T-G See http://justpickone.org/davidtg/email/ See http://justpickone.org/davidtg/tofu.txt
On Dienstag, 7. März 2023 12:23:06 CET David Thorburn-Gundlach wrote:
Michael, et al --
...and then mh@mike.franken.de said... % ... % % Defaults exempt_group = mygroup % Defaults:%mygroup env_keep="PERL5LIB DISPLAY XAUTHORITY" % % Is this the correct way to do this?
1) You don't want "Defaults" (which I'm almost sure has no colon) in order to apply to a single group. Just
%mygroup env_keep = "PERL5LIB DISPLAY XAUTHORITY"
will do. Defaults applies to everyone.
Defaults:%wheel targetpw %wheel ALL=(ALL) ALL is an example from ArchWiki.
2) Is "mygroup" an actual OS group a nonunix group? You want
%:mygroup
in the latter case.
mygroup is a local linux group.
3) Have you tried it? :-)
Yes, I did, visudo didn't give an error, and it seemed to work. I just wanted to know, if this is the way to do it.
% % Thx! % % Bye. % Michael.
HTH & HAND
:-D
Bye. Michael.
participants (2)
-
David Thorburn-Gundlach -
mh@mike.franken.de