Granting privileges using visudo still prevents user to execute command

Following this solution, I want to grant to the user daemon the execution of /bin/date.
Here what I did:

  1. find the user that apache2 uses when spawning:

    # ps | grep httpd
252 root     /usr/bin/httpd -k start
260 daemon   /usr/bin/httpd -k start
262 daemon   /usr/bin/httpd -k start
264 daemon   /usr/bin/httpd -k start
467 root     grep httpd

  2. find the right path for date:

    # which date
/bin/date

  3. using visudo add the following lines:

    Cmnd_Alias DATE=/bin/date                                               
daemon ALL=NOPASSWD: DATE

  4. reboot

  5. test the new privileges:

    # sudo -u daemon date -s "2023-09-09 10:16:00"
date: can't set date: Operation not permitted
Sat Sep  9 10:16:00 UTC 2023

Is there anything wrong in my syntax?
I also tried with:

ALL ALL=NOPASSWD: DATE

but it’s the same.
It’s a Buildroot environment.

Asked By: Mark

||
Source

You need to specify the exact path matching the sudoers configuration. Your test is also back to front: starting from root, you need to become daemon, then try to run sudo.

sudo -u daemon sudo /bin/date -s "2023-09-09 10:16:00"

should work.

(Your current test tries to run date as the daemon user, which won’t work.)

Answered By: Stephen Kitt
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.