
Sudo not working properly, or as I expect it should.



I am trying to give permissions to run files owned by oracle to a user called testbob. This is what I have set up.

User_Alias TEST = testbob

Runas_Alias ORA = oracle

TEST ALL= (ORA) ALL, !/usr/bin/su

The way I understand how sudo works is this sudo statement SHOULD allow the User alias TEST (testbob user) to run all commands as user_alias ORA (oracle user) on all servers but not be allowed to run the su command.

However, when I run a shell script owned by oracle as testbob I get an error that it cannot run as root. I am telling it to runas oracle so why is it running as root?? Makes no sense.

When I sudo test.sh which has oracle:dba perms as testbob it should run test as oracle not root.


Shane A. Miller
3 REPLIES
Patrick Wallek
Honored Contributor

Re: Sudo not working properly, or as I expect it should.

By default sudo assumes root for everything, but it will allow you to specify the user to run as.

Try the following:

sudo -u testbob test.sh

The '-u' option to sudo tells sudo to run the command as the user you specify rather than as root.

See the sudo man page for more details.

Re: Sudo not working properly, or as I expect it should.

Ok, yes, I understand what the -u is for. However, I thought that is what the runas alias was for and the ( ) is supposed to be what the command is run under?? Reading the sudo tutorials on the sudo.org, that is what I got out of it.

So does the (oracle) specification tell sudo to run the command as the user oracle??

Shane
Horia Chirculescu
Honored Contributor

Re: Sudo not working properly, or as I expect it should.

>When I sudo test.sh which has oracle:dba perms as testbob it should run test as oracle not root.

You should run test.sh like this:

sudo -u oracle test.sh

The portion of the /etc/sudoers that you posted just tells us that user testbob should run all the commands on any host, except for /usr/bin/su, only as user oracle.


Horia.
Best regards from Romania,
Horia.
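
The behaviour discussed in this thread, shown as an annotated sudoers fragment. This is an added example, not something posted by any participant; /path/to/test.sh is a placeholder, and the `runas_default` line is one optional way to get the behaviour the original poster expected.

```sudoers
# Aliases and rule as posted in the thread.
User_Alias  TEST = testbob
Runas_Alias ORA  = oracle

# The (ORA) list says WHICH target users testbob may request.
# It does not change the user sudo picks when -u is omitted.
TEST ALL = (ORA) ALL, !/usr/bin/su

# With only the rule above:
#   sudo test.sh            -> target user is root (sudo's default),
#                              root is not in (ORA), so sudo refuses
#   sudo -u oracle test.sh  -> target user is oracle, in (ORA), allowed

# Optional: make oracle the default target for members of TEST,
# so a plain "sudo test.sh" is evaluated against (ORA) and runs as oracle.
Defaults:TEST runas_default=oracle

# Tighter alternative to "ALL, !/usr/bin/su": the sudoers manual notes
# that subtracting commands from ALL with "!" is not an effective
# restriction, so list the permitted commands explicitly instead.
# (Placeholder path; replace with the real location of the script.)
# TEST ALL = (ORA) /path/to/test.sh

# Checks after editing (run as root):
#   visudo -c            syntax check of the sudoers files
#   sudo -l -U testbob   show the commands and run-as users sudo
#                        will accept for testbob
```

In the `sudo -l -U testbob` output, the user shown in parentheses before each command is the run-as user that the rule permits.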