https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500270#M744940 One additional question, would that SUDO policy work if I remove the setuid from /usr/bin/su or make it only executable by root? How do I allow only the ADMIN group to be able to su to root without password? Thanks again. Wed, 09 Mar 2005 17:06:13 GMT Sajjad Ali_1 2005-03-09T17:06:13Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500266#M744936 Hi,<BR /><BR />I am looking for some help with sudo. I have a script process.sh owned by user TESTA and permission 744. process.sh needs TESTA's environment variables set in .profile for successful run.<BR /><BR />I've configured SUDO, so that user TESTB can run process.sh and pick up environment settings of TESTA. But it's not picking up the env variables, in other words, it's not executing TESTA's profile at runtime. How can I make it execute the profile before running the script? I am running this as TESTB: sudo -u TESTA /home/TESTA/process.sh<BR /><BR />Host_Alias SVR = HP1<BR />User_Alias ADMIN = TESTB<BR />Cmnd_Alias SCRIPTS = /home/TESTA/process.sh<BR /><BR />ADMIN SVR = (TESTA) SCRIPTS<BR /><BR />Thanks for your help in advance.<BR /><BR />SA Tue, 08 Mar 2005 12:04:58 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500266#M744936 Sajjad Ali_1 2005-03-08T12:04:58Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500267#M744937 sudo wont run the .profile of that user. you will have to define all required variables in process.sh.<BR /><BR />Anil Tue, 08 Mar 2005 12:11:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500267#M744937 RAC_1 2005-03-08T12:11:35Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500268#M744938 Okay, Thanks Anil, <BR />One more question about SUDO. How do I allow certain users to SU to only prod1 user but not anyone else?<BR /><BR />Host_Alias SVR = HP1<BR />User_Alias ADMIN = joe<BR />Cmnd_Alias SU= /usr/bin/su<BR /><BR />ADMIN SVR = (prod1) SU, !root (is this the right systax?)<BR /><BR />Thanks again.<BR /><BR /> Wed, 09 Mar 2005 16:33:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500268#M744938 Sajjad Ali_1 2005-03-09T16:33:08Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500269#M744939 I would set up the specific su command that they are allowed to use.<BR /><BR />Cmnd_Alias SUPROD1=/usr/bin/su - prod1<BR /><BR />Then for the user:<BR /><BR />ADMIN SVR=SUPROD1<BR /><BR />This way if the user enters something other than the above command, they will get an error. If you just have a few su's that you need to allow, this is relatively easy. Wed, 09 Mar 2005 16:49:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500269#M744939 Patrick Wallek 2005-03-09T16:49:31Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500270#M744940 One additional question, would that SUDO policy work if I remove the setuid from /usr/bin/su or make it only executable by root? How do I allow only the ADMIN group to be able to su to root without password? Thanks again. Wed, 09 Mar 2005 17:06:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500270#M744940 Sajjad Ali_1 2005-03-09T17:06:13Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500271#M744941 but the su command will.. try this:<BR />sudo su - TESTA -c '/home/TESTA/process.sh' Wed, 09 Mar 2005 17:31:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500271#M744941 Jannik 2005-03-09T17:31:29Z https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500272#M744942 Sajjad,<BR /><BR />When you put su- in sudo you are wasting sudo. When persons needs to su - to another user let them fill in the password of the user. Thu, 10 Mar 2005 04:34:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/sudo-help/m-p/3500272#M744942 Mark Nieuwboer 2005-03-10T04:34:13Z