Operating System - HP-UX

Re: Sudo not working properly, or as I expect it should.

 
Shane A. Miller
Advisor

Sudo not working properly, or as I expect it should.


I am trying to give permissions to run files owned by oracle to a user called testbob. This is what I have set up.

User_Alias TEST = testbob

Runas_Alias ORA = oracle

TEST ALL= (ORA) ALL, !/usr/bin/su

The way I understand how sudo works is this sudo statement SHOULD allow the User alias TEST (testbob user) to run all commands as user_alias ORA (oracle user) on all servers but not be allowed to run the su command.

However, when I run a shell script owned by oracle as testbob I get an error that it cannot run as root. I am telling it to run as oracle, so why is it running as root?? Makes no sense.

When I sudo test.sh which has oracle:dba perms as testbob it should run test as oracle not root.


Shane A. Miller
Patrick Wallek
Honored Contributor

Re: Sudo not working properly, or as I expect it should.

By default sudo assumes root for everything, but it will allow you to specify the user to run as.

Try the following:

sudo -u testbob test.sh

The '-u' option to sudo tells sudo to run the command as the user you specify rather than as root.

See the sudo man page for more details.
Shane A. Miller
Advisor

Re: Sudo not working properly, or as I expect it should.

Ok, yes, I understand what the -u is for. However, I thought that is what the runas alias was for and the ( ) is supposed to be what the command is run under?? Reading the sudo tutorials on the sudo.org, that is what I got out of it.

So does the (oracle) specification tell sudo to run the command as the user oracle??

Shane
Horia Chirculescu
Honored Contributor

Re: Sudo not working properly, or as I expect it should.

>When I sudo test.sh which has oracle:dba perms as testbob it should run test as oracle not root.

You should run test.sh like this:

sudo -u oracle test.sh

The portion of the /etc/sudoers that you posted just tells us that user testbob should run all the commands on any host, except for /usr/bin/su, only as user oracle.


Horia.
Best regards from Romania,
Horia.
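
How sudo picks and authorises the target user for the rule discussed in this thread, as an added example that is not part of any post above and is not sudo's own code. The function name `target_user` is hypothetical, the model is deliberately simplified, and the `Defaults:testbob runas_default=oracle` line is an addition that does not appear in the posted sudoers.

```shell
#!/bin/sh
# Simplified model of sudo's target-user decision. Constructed for
# illustration; it ignores groups, hosts and command matching.
#
# Rule from the thread:
#   Runas_Alias ORA = oracle
#   TEST ALL = (ORA) ALL, !/usr/bin/su
# The list in parentheses is an allow-list of target users. It does not
# change which user sudo targets when -u is omitted; that comes from the
# runas_default setting, which is root unless overridden, for example:
#   Defaults:testbob runas_default=oracle     (assumed addition)

# target_user RUNAS_LIST RUNAS_DEFAULT [REQUESTED]
#   RUNAS_LIST     space-separated users from the (...) part of the rule
#   RUNAS_DEFAULT  value of runas_default ("root" when not set)
#   REQUESTED      argument of "sudo -u", empty when -u is not given
# Prints "allow:<user>" or "deny:<user>".
target_user() {
    runas_list=$1
    runas_default=${2:-root}
    requested=${3:-}

    # Step 1: choose the target. -u wins, otherwise runas_default.
    target=${requested:-$runas_default}

    # Step 2: the target must appear in the rule's runas list.
    for u in $runas_list; do
        if [ "$u" = "$target" ]; then
            echo "allow:$target"
            return 0
        fi
    done
    echo "deny:$target"
    return 1
}

# The invocations discussed in the thread, plus the Defaults variant.
demo() {
    echo "sudo test.sh            -> $(target_user oracle root)"
    echo "sudo -u testbob test.sh -> $(target_user oracle root testbob)"
    echo "sudo -u oracle test.sh  -> $(target_user oracle root oracle)"
    echo "runas_default=oracle    -> $(target_user oracle oracle)"
}
demo
```

The sudoers manual cautions that subtracting commands from ALL with the '!' operator is generally not an effective restriction; listing the permitted commands explicitly is the stricter form of this rule.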