So the way I installed Kicksecure was without granting root rights to user to lock it down better.
How can I make it so user can still do upgrade-nonroot without adding user to the sudo group?
Would changing the permissions to the upgrade-nonroot and apt-get-update-plus achieve this?
chmod 755 /usr/bin/upgrade-nonroot
chmod 755 /usr/bin/apt-get-update-plus
Would this be a stupid idea? (just want to be able to use user to update/upgrade not install packages)
Crawfish via Kicksecure Forums:
So the way I installed Kicksecure was without granting root rights to user to lock it down better.
How can I make it so user can still do upgrade-nonroot without adding user to the sudo group?
By learning sudo. Unspecific to Kicksecure.
Would changing the permissions to the
upgrade-nonrootandapt-get-update-plusachieve this?
chmod 755 /usr/bin/upgrade-nonroot
chmod 755 /usr/bin/apt-get-update-plus
No.
Would this be a stupid idea?
No.
I really dont like unintended-upgrades to be fair.
Is this solution valid for my use case?
groupadd -r updaters
useradd -G updaters user
/etc/sudoers
# Cmnd alias specification
Cmnd_Alias UPDATE_CMDS = /usr/bin/aptitude, /usr/bin/dpkg, /usr/bin/apt-get up*, /usr/bin/apt-get install, /usr/bin/upgrade-nonroot, /usr/bin/apt-get-update-plus
If this is so, then this might help other Kicksecure users that chose to go the route of not granting root rights to user.
I don’t understand how that is related. upgrade-nonroot is not unattended (automatic) upgrades.
related to automatic updates:
Not sure.
upgrade-nonroot is safe because it does not allow passing command line options.
That stackexchange answer if it permits arbitrary command line options then this might permit a user to not only upgrade but also remove/install packages as well as command line options that allow to escalate from user to root.