
Help on sudoers and Runas_Alias

ahamed.en
Occasional Visitor

Hi All,

Thank you for your time. Request you to help with the sudoers issue I am facing.


I am trying to make use of the Runas_Alias feature of sudoers. Somehow I am not able to. Hope someone can help me. Thanks in advance.

I want the script /app2/run to be run as user "operator" when executed by the user engg. The /app2/run is just a sample script with the "id" command in it for testing purposes. Anyway, here are the contents


Code:

$ cat run
#!/bin/ksh
echo "-----------------------------------------------"
id
echo "-----------------------------------------------"


In /etc/sudoers, I have the following entry


Code:

#
Runas_Alias OP=operator
engg ALL = (OP) NOPASSWD: /app2/run


I executed it using the -u option but no luck. I also tried giving the uid instead of username.


Code:

$ sudo -u operator ./run
sudo: unable to execute /app2/run: Permission denied


Is there anything I am doing wrong?

Here is my unix box version

Code:

$ uname -a
Linux flx1208 2.6.21_mvlcge510-pc_target-x86_em64t-Malban10-cge5 #1 SMP PREEMPT RT Thu Nov 18 07:12:50 CST 2010 x86_64 GNU/Linux


Normal sudoers works, I mean if I have an entry like


Code:

engg ALL = NOPASSWD: /app2/run


And on execution


Code:

$ sudo ./run
-----------------------------------------------
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),4(adm)


-----------------------------------------------


Thank You,
Ahamed
2 REPLIES
Turgay Cavdar
Honored Contributor

Re: Help on sudoers and Runas_Alias

Hi,
$ sudo -u operator ./run
sudo: unable to execute /app2/run: Permission denied

This means the operator user has no right to execute the /app2/run file. Can you check the permissions of /app2/run?

Regards.
ahamed.en
Occasional Visitor

Re: Help on sudoers and Runas_Alias

Hi,

Initially I didn't give permission for executing the script /app2/run for either of the users - operator and engg.

I thought the below line in /etc/sudoers would give the permission for the user operator to execute the script

operator ALL = NOPASSWD: /app2/run

And this line would give the permission for the user engg to execute, and associating the Runas_Alias will make it execute as the user operator

Runas_Alias OP=operator
engg ALL = (OP) NOPASSWD: /app2/run

But I guess I was wrong. Now when I gave the permission for the user operator to execute /app2/run, su -u operator /app2/run is successful when executed from the engg user login.

I hope my understanding is now correct, or is there a different concept altogether?

Thanks a lot for the crucial clue :)

regards,
Ahamed.
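
An added example, not part of the original thread: a sudoers Runas rule only authorizes the identity switch, so the run-as user still needs ordinary filesystem permission on the command and every directory above it, which is where the "Permission denied" above came from. This Python sketch reports the first path component whose mode bits block a given user; the function names and the `root`/`script` parameters are illustrative assumptions, and ACLs, noexec mounts and LSM policy are not considered.

```python
import os
import pwd
import sys

def allowed(st, uid, gids, want):
    """Owner/group/other check: are all mode bits in `want` (e.g. 0o5 = r-x) granted?"""
    if uid == 0:
        return True  # simplification: root is not bound by these mode bits
    if st.st_uid == uid:
        granted = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        granted = (st.st_mode >> 3) & 7
    else:
        granted = st.st_mode & 7
    return (granted & want) == want

def first_denied(path, uid, gids, root="/", script=True):
    """Return the first component from `root` down to `path` that blocks
    uid/gids from executing `path`, or None if nothing blocks it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    current = root
    for part in os.path.relpath(path, root).split(os.sep):
        # Each directory on the way needs search (x) permission.
        if not allowed(os.stat(current), uid, gids, 0o1):
            return current
        current = os.path.join(current, part)
    # A "#!" script needs x for execve() and r so the interpreter can read it.
    want = 0o5 if script else 0o1
    return None if allowed(os.stat(current), uid, gids, want) else current

def main(argv):
    if len(argv) != 3:
        print("usage: check_exec.py RUNAS_USER /path/to/command")
        return 0
    pw = pwd.getpwnam(argv[1])
    gids = set(os.getgrouplist(argv[1], pw.pw_gid))
    blocker = first_denied(argv[2], pw.pw_uid, gids)
    print(f"blocked at {blocker}" if blocker else "mode bits allow execution")
    return 1 if blocker else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the Runas user and the command path from the sudoers rule (here, `operator` and `/app2/run`) before granting the rule, and widen only the component it reports.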