How to do admin tasks without becoming root on Debian?

Question

How can one perform some administrative tasks from non-root account without becoming root on Debian 7? For example, my iptables block all network access for all users including root except one user - 'webuser'. The webuser is admin account, it is in admin and adm groups, it is in sudoers file and can use sudo. When I try as 'webuser' to use apt-get or synaptic via sudo, then after entering the root password the program apparently starts under the root account, not under webuser, and cannot get access to network.

Is there some configuration settings that can be set for synaptic or apt-get so that these programs could run under non-root account?

Answer 1

Running package managers under non root account is an horrible idea. It is not possible by default, but you could probably hotwire it somehow, maybe with some chroot magic. And likely bork your system.

Think of a scenario where you install a library with webuser, the applications that use that library, if installed by root would not have access to it.

Some applications, like apache, let you configure what user and group the program should be run as (in /etc/httpd/conf/httpd.conf on centos), other do not give you any choice about it. Many applications need to run as a separate user.

I think you could achieve what you want by creating a group called webuser, with access to the network, adding to it the users of the programs that have access to the network and allowing members of the group to access the network in iptables.

Note that root will need to be part of webuser group for you package manager to work