Friday, November 30, 2012

sudoers for secure and insecure

run browsers as different users.  Previously I didn't need to customize /etc/sudoers since my user had NOPASSWD:ALL.  I'm stepping away from that insecure (but convenient) practice now, so just doing

  sudo -H -u insecure chromium-browser

won't work anymore since it'll require a password, I won't type one in, and it'll fail.

Now I need to add some entries to /etc/sudoers (sudo visudo)

  tiger ALL=(secure,insecure) NOPASSWD: /usr/bin/chromium-browser


and all works again.

No comments: