Add the following configurations after auth sufficient pamrootok.so as shown in the following screenshot. vim /etc/pam.d/su OR sudo vim /etc/pam.d/su. This will create a newuser without root privileges to run commands in the container. You really need to make sure that the permitions you are setting are at the end of the file so that nothing is overwritten by the groups permissions. To allow users in a specific group to switch to another user account without a password, we can modify the default PAM settings for the su command in the /etc/pam.d/su file. This can be changed by creating a new user in a Dockerfile by: RUN useradd -ms /bin/bash newuser where -m -> Create the users home directory -s /bin/bash -> Set as the users default shell USER newuser. Its a very dirty trick wish leaves your system open for other dangers but I am guessing you know what you are doing and want this. You can find the absolute path to a program by using which on a terminal. On your program you can then use sudo shutdown -r now without having to type the sudo password. Ie: lets say you want to run shutdown -r now without having to type sudo password every time and your username is 'joedoe'Īdd joedoe ALL=NOPASSWD: /usr/sbin/shutdown -r now as a new line at the end of the file, use absolute paths to the program you are trying to use. At this moment, the users have sudo access. Edit September 11th: Seeing some of the answers, I figure I should clarify my question. Now you can run the specified commands without password as long as you type that command with sudo. I thought that the right way to go about it would be to determine which commands they frequent in the applications directory, but I feel that would still allow them too much power else were in the system. You need to do the following, on the terminal type sudo visudo and add a line like this at the end of the file specifying the commands you want to run without typing the sudo password (I suggest you use each command you want to use in the program and not just allow all programs to be executed by this) ALL=NOPASSWD:,
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |