- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: sudo Runas_Alias needs to source .shrc variabl...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-11-2011 09:04 AM
08-11-2011 09:04 AM
sudo Runas_Alias needs to source .shrc variables
I'm configuring a sudo Runas_Alias in the sudoers file on a hp-ux 11.31 system. The
goal is to allow some hp-ux accounts to sudo to a service account and run commands as
that user. Here's the related sudoers entries:
User_Alias DMSTAFF = %dmstaff
Runas_Alias DMALIAS = dmadmin
DMSTAFF ALL = (DMALIAS) NOPASSWD: ALL
For example, testuser1 belongs to the dmstaff hp-ux group, so he is allowed to run
commands as dmadmin like this:
sudo -u dmadmin [some command]
or
sudo -Hu dmadmin [some command] (preserve's target user's home dir)
It works very well and sudo commands are logged to our sudo.log. However, sudo is not sourcing important env variables that dmadmin requires. These env variables are normally sourced from dmadmin's .shrc file in his home directory.
We can simple allow the users to sudo su - dmadmin by defining a simple Cmnd_Alias,
but in that case subsequent commands will not be logged to the sudo.log - a dept.
requirement.
Any ideas?
- Tags:
- sudo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-11-2011 11:27 PM
08-11-2011 11:27 PM
Re: sudo Runas_Alias needs to source .shrc variables
If your version of sudo is recent enough to support the -i option, try "sudo -u dmadmin -i [some command]".
If you don't use either -H or -i, the target user's shell is likely to be looking for the .shrc file from the original user's home directory, not in dmadmin's home directory.
It would also be important to know which shell the dmadmin user is configured to use: ".shrc" is not one of the standard HP-UX /usr/bin/sh login scripts. Perhaps it's executed because the ENV variable is set in some other login script? If so, please keep in mind that modern versions of sudo will remove any environment variables it is not specifically configured to keep. You may have to add something like this to your sudoers file:
Defaults>DMALIAS env_keep+=ENV
(Unless I'm mistaken, that should tell sudo to add ENV to the list of preserved environment variables when sudoing to users listed in Runas_Alias DMALIAS. A relatively recent version of sudo might also be required to support this syntax.)