Wednesday, April 17, 2019

linux - add user accessible only to single other user

On my Ubuntu 16.04 workstation I have user provided by IT staff, named "john.smith". This account is in wheel group, has password managed by LDAP (I think... I know it changes in sync with other corporate systems).


We also have build system (GBS for Tizen) that uses chroot, so it needs root access. For this reason we have prepared sudoers file that covers all necessary commands. Problem is, this works for users created locally (those that I created normally with adduser), but does not work for IT-provided accounts. So when I build something, halfway through the compilation, sudo prompt asks for password. This is nuisance when compiling from console, but total showstopper when trying to use IDE.


Running IDE as a root is unreasonable for security/usability reasons. I also need the IT-provided account as my main account for some systems.


QUESTION: Is it possible to create user "builder" that:



  • will have wheel/sudo access

  • be possible to login without password from "john.smith"

  • will not be open-access for everyone else
    (I don't want to introduce security backdoor)


Then I could log-in as "john.doe", run IDE as "builder" and IDE would then not need to prompt me for password during compilation.

No comments:

Post a Comment

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...