Re: sudo a graphical app?

Taking a few clues from these old posts by kellyremo:

<http://lists.fedoraproject.org/pipermail/users/2011-February/392134.html>
<http://lists.fedoraproject.org/pipermail/users/2011-February/392136.html>

and doing this one step at a time, to avoid opening holes in my system.

(Being paranoid, I am not using the actual names from my system here.)

user9 is a user that I regularly login on.

user9-boxed is a user I just added, hardened password, but set to
nologin, with home directory /home/boxes/user9-boxed .

user9 is a member of the user9-boxed group.

chmod -R o-rwx,g+rw /home/boxes/user9-boxed

Added a file: /etc/sudoers.d/77_boxers , owned by root, permissions go-rwx

Contents:
----------------------------------------------------
User_Alias	USERDOER	= user9
Runas_Alias	USERBOXED	= user9-boxed
Defaults:USERDOER	!authenticate, always_set_home, set_logname, !preserve_groups
USERDOER	ALL = (USERBOXED) ALL
----------------------------------------------------

I can sudo -u user9-boxed from the command line to my heart's content.
Well, okay, tested lightly. I should probably see what gnupg would do.

I was able to do this from the command line:

xhost local:user9-boxed; sudo -u user9-boxed firefox

and get firefox running as user9-boxed. (Downloads to user9-boxed's
Downloads directory, etc.) So I made a shell script, firebox, chmod-ed
for +x:

----------------------------------------------
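#! /bin/sh

# Usage: firebox <boxed-user> [url]
# Arguments are quoted so they are not word-split or glob-expanded.
xhost "local:${1}"; sudo -u "${1}" firefox ${2:+"$2"}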
----------------------------------------------

and running it as "./firebox user9-boxed http://www.fedora.org" today
brings up a nice picture of a cute little dog wearing a hotdog bun.
(Hmm. Yeah, the weather's hot these days.) Whatever. Firefox is
clearly running.

However, pulling the firefox clicky icon out of the internet
applications menu to the panel and editing the command hasn't gotten
me good results.

sudo -u user9-boxed -- /usr/bin/firefox %u &

gives a "sorry, you must have a tty to run sudo" error in
/var/log/secure . So does using the firebox command. But

xhost local:user9-boxed; sudo -u user9-boxed -- /usr/bin/firefox %u &

as the command gives no error messages in secure, but leaves a bunch
of normal-looking messages in /var/log/Xorg.0.log . (Nothing stands
out to me at any rate.) And no firefox session starting up. I've

ps wwaux | grep user9-boxed

doesn't show me any leftover processes.

For me and my children, I have no problem with using the command line
version. My wife is not going to consider this fun at all, so I would
like to make a clicky icon. Anyone care to offer a clue?

(I suppose I should look at Matt Hansens's comments on using PAM
linked in the 2nd thread above, but that will be for another day.)

Joel Rees
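
A hardened variant of the firebox wrapper from the message above, added here as an example and not part of the original post: it checks both arguments before they reach xhost and sudo. The "-boxed" naming rule, the FIREBOX_DRY_RUN switch and the use of the si:localuser: form for the xhost entry (instead of the post's local: form) are choices of this example.

```shell
#!/bin/sh
# Added example: hardened variant of the post's "firebox" wrapper.
# Assumption: boxed accounts are named "<login>-boxed", as in the post.

# Accept only safe-character names ending in "-boxed", so an argument such
# as "-u" or "root" never reaches xhost or sudo.
is_boxed_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
        *-boxed) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept no URL or an http(s) URL; anything else (including strings that
# start with "-", which firefox would read as options) is refused.
is_web_url() {
    case "$1" in
        ''|http://?*|https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

firebox() {
    is_boxed_user "${1-}" || { echo "firebox: refusing user" >&2; return 2; }
    is_web_url "${2-}" || { echo "firebox: refusing URL" >&2; return 2; }
    # FIREBOX_DRY_RUN is a hypothetical switch of this example: print only.
    if [ -n "${FIREBOX_DRY_RUN-}" ]; then
        echo "sudo -u $1 -- /usr/bin/firefox ${2-}"
        return 0
    fi
    # Grant X access to this one local user (server-interpreted form).
    xhost "+si:localuser:$1" >/dev/null || return 1
    # Quoted expansions; "--" ends sudo's option parsing.
    exec sudo -u "$1" -- /usr/bin/firefox ${2:+"$2"}
}

# Run only when invoked under the name "firebox", not when sourced.
case "${0##*/}" in firebox) firebox "$@" ;; esac
```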