I'm trying to mark my browser internet traffic with a DSCP by selecting the packages with a certain owner. In order to do that I have to start my browser with a dummy user.
I start my browser by binding a terminal command to a keyboard shortcut. So for now that has always been chromium-browser
.
The steps I have taken so far:
sudo useradd <dummy user>
sudo passwd <dummy user>
sudo mkdir /home/<dummy user>
sudo chown <dummy user> /home/<dummy user>
sudo chgrp <dummy user> /home/<dummy user>
Allow the new user to acces X
xhost +
Run the command as the new user
I start a terminal as the original user (non-root) and run the following command:
su <dummy user> -c chromium-browser
after typing the dummy user password I can run the chromium-browser as the dummy user. Chromium will be all new and won't have any of my old settings since it uses the newly created dummy user home dir.
Now I don't want to have to enter a password at any stage so I looked into how to work with the sudoers file.
Apperently it is possible to run a command as another user without being prompt for the password by changing the sudoers file. I have not yet figured out exactly how but I think it relies on sudo -u
. Which also allows you to run a command as someone else. Before I started to adapt the sudoers file I wanted to test this structure. So I ran:
sudo -u <dummy user> chromium-browser
And I got the following error:
[0906/012127:ERROR:nss_util.cc(90)] Failed to create /home/<user>/.pki/nssdb directory.
[0906/012127:ERROR:nss_util.cc(90)] Failed to create /home/<user>/.pki/nssdb directory.
Home directory /home/<user> not ours.
where <user>
is my username. So it tries to acces my home users home dir.
I'm hoping someone can help me figure this out. I have the feeling I'm sort of in the right direction but I need someone let me see what I'm doing wrong. Also any help on how to change the sudoers file would be appreciated.
Thanks in advance!
Best Answer
According to sudo manual:
It means that when your run
sudo -u <dummy user> <command>
, HOME is unchanged and point to the invoking user home directory. More precisely, the entire environment remains unchanged, and the command is executed, therefore, in the environment of the user who invokedsudo
. Onlyuid
is changed and when command try to write in$HOME
it has not right permission.In order to run command as
<dummy user>
without being prompt for the password and have the right environment, you should create a simple file:with this directive:
That allow
<user>
to runsu
command as root without being prompt for password (<user>
password) and runningsu
as root doesn't require to enter the target user's password (<dummy user>
in this case).Another better approach, change
/etc/sudoers.d/myOverrides
with:this allow
<user>
to run/path/to/chromium-browser
as<dummy user>
without being prompt for password.where -i option, according to sudo manual: