
Re: Bizarre sudo problem

 
Bob Bean
Advisor

Bizarre sudo problem

I've installed sudo1.6.7 onto an NClass running HP-UX 11.0.
I have a user who needs to be able to do 'kill' and mflmman.
Here are my sudoers entries:
# User alias specification
User_Alias OPERATOR = operator

# Cmnd alias specification
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias MFLMMAN = /opt/cobol/mflmf/mflmman

# Defaults specification

# User privilege specification
root ALL=(ALL) ALL
OPERATOR ALL = NOPASSWD: KILL,MFLMMAN

Kill works fine, and does not prompt for a password.
mflmman asks for a password, and after I enter it, I see the following:
HP Operator> sudo mflmman
Password:
sudo: mflmman: command not found
Sep 8 14:41:35 hpnclass sudo: operator : command not allowed ; TTY=pts/ts ; PWD=/home/mis/operator ; USER=root ; COMMAND=mflmman

The mflmman command actually calls mflm_manager. Please see below:
#!/bin/sh
COBDIR=`pwd`
export COBDIR
LIBPATH=$COBDIR/lib:/lib:$LIBPATH
export LIBPATH
LD_LIBRARY_PATH=$COBDIR/lib:/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
SHLIB_PATH=$COBDIR/lib:/lib:$SHLIB_PATH
export SHLIB_PATH

./mflm_manager $*

No matter what I try, I cannot get this to work. Any ideas/hints would be most sincerely appreciated.

Thanks-
Stacey
Sundar_7
Honored Contributor

Re: Bizarre sudo problem

The command the operator uses should exactly match the one in the /etc/sudoers file.

Try this

Operator> sudo /opt/cobol/mflmf/mflmman
Password:

This should work
Learn What to do ,How to do and more importantly When to do ?
Craig Rants
Honored Contributor

Re: Bizarre sudo problem

Yes, I agree with Sundar

GL,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Sanjay_6
Honored Contributor

Re: Bizarre sudo problem

Hi,

Try

# User alias specification

# Cmnd alias specification
/usr/bin/kill, /opt/cobol/mflmf/mflmman

# Defaults specification

# User privilege specification
root ALL=(ALL) ALL
operator ALL = (ALL) NOPASSWD :/usr/bin/kill, /opt/cobol/mflmf/mflmman

Hope this helps.

Regds

Stacey Akerstrom
Frequent Advisor

Re: Bizarre sudo problem

When I add the following as suggested, I get a syntax error:
# Cmnd alias specification
#Cmnd_Alias KILL = /usr/bin/kill
#Cmnd_Alias MFLMMAN = /opt/cobol/mflmf/mflmman
Cmnd_Alias /usr/bin/kill, /opt/cobol/mflmf/mflmman

# Defaults specification

# User privilege specification
root ALL=(ALL) ALL
#OPERATOR ALL = NOPASSWD: KILL,MFLMMAN
OPERATOR ALL = (ALL) NOPASSWD :/usr/bin/kill, /opt/cobol/mflmf/mflmman

Thanks-
Stacey
Bob Bean
Advisor

Re: Bizarre sudo problem

Any other suggestions on this one?

Thanks!
Stacey
Victor BERRIDGE
Honored Contributor

Re: Bizarre sudo problem

Hi,
Just thought..
You want him to have root permissions when it executes?
sudo -u root


All the best
Victor
Sridhar Bhaskarla
Honored Contributor

Re: Bizarre sudo problem

Hi Stacey,

For it looks like

sudo /opt/cobol/mflmf/mflmman $*

should work.

What error are you getting?

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Sanjay_6
Honored Contributor

Re: Bizarre sudo problem

Hi Stacey,

I'm sorry, but my suggestion was,

# User alias specification

# Cmnd alias specification
# /usr/bin/kill, /opt/cobol/mflmf/mflmman

# Defaults specification

# User privilege specification
root ALL=(ALL) ALL
operator ALL = (ALL) NOPASSWD :/usr/bin/kill, /opt/cobol/mflmf/mflmman

Hope this helps.

Regds
Bob Bean
Advisor

Re: Bizarre sudo problem

Hi Victor-
Thanks for replying.
I'm still getting the following:
HP Operator> sudo -l
User operator may run the following commands on this host:
(root) NOPASSWD: /usr/bin/kill
(root) NOPASSWD: /opt/cobol/mflmf/mflmman
HP Operator> sudo -u root mflmman
Password:
sudo: mflmman: command not found
Sep 10 10:08:28 hpnclass sudo: operator : command not allowed ; TTY=pts/tC ; PWD=/home/mis/operator ; USER=root ; COMMAND=mflmman
Sridhar Bhaskarla
Honored Contributor

Re: Bizarre sudo problem

Bob/Stacey,

The problem with not specifying the full path to mflmman is that it will be searched under sudo's default search path which is a compiler option. Hence, it can't find it.

So, no matter what you do, simply specifying mflmman will not work. However, copy it to /usr/bin and then it should work as normally /usr/bin is one of the standard directories in SUDO's path.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Bob Bean
Advisor

Re: Bizarre sudo problem

Even with the following present in sudoers:
# User privilege specification
root ALL=(ALL) ALL
operator ALL = (ALL) NOPASSWD :/usr/bin/kill, /opt/cobol/mflmf/mflmman

I get:
HP Operator> sudo /opt/cobol/mflmf/mflmman
/opt/cobol/mflmf/mflmman[11]: ./mflm_manager: not found.

So it can't find mflm_manager?
Bob Bean
Advisor

Re: Bizarre sudo problem

Sridhar-
Just so I understand this, are you saying I should cp mflmman over to /usr/sbin?
Thanks-
Stacey
Bob Bean
Advisor

Re: Bizarre sudo problem

Oops, I meant /usr/bin, of course.

Stacey
Sridhar Bhaskarla
Honored Contributor

Re: Bizarre sudo problem

Yep.. also there is a problem in the script. You will have to be in the COBDIR (COBDIR=`pwd`) in order to get it working..
I suggest you change the script to

COBDIR="/wherever/it/is"
..
..
$COBDIR/mflm_manager $*


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
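
An added example, not part of any post in this thread and not vendor code: a hardened form of the mflmman wrapper, so that what runs as root under the NOPASSWD rule does not depend on the caller's working directory or exported library paths. The install path /opt/cobol/mflmf and the lib directory are taken from the posts above; start_manager is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: hardened form of the mflmman wrapper from this thread.
# Assumption: install directory /opt/cobol/mflmf and library directory
# $COBDIR/lib, both taken from the posts above.

# start_manager DIR [ARGS...]
# DIR is a parameter only so the function can be run against a scratch
# directory; the installed wrapper always passes the fixed path below.
start_manager() {
    [ $# -ge 1 ] || { echo "usage: start_manager DIR [ARGS...]" >&2; return 2; }
    cobdir=$1
    shift
    case $cobdir in
        /*) ;;
        *) echo "start_manager: '$cobdir' is not an absolute path" >&2
           return 2 ;;
    esac
    if [ ! -x "$cobdir/mflm_manager" ]; then
        echo "start_manager: $cobdir/mflm_manager not found or not executable" >&2
        return 127
    fi
    (
        # Fixed PATH; library search paths are rebuilt, never appended to
        # whatever the caller exported.
        PATH=/usr/sbin:/usr/bin:/sbin
        COBDIR=$cobdir
        SHLIB_PATH=$COBDIR/lib:/lib
        LD_LIBRARY_PATH=$SHLIB_PATH
        LIBPATH=$SHLIB_PATH
        export PATH COBDIR SHLIB_PATH LD_LIBRARY_PATH LIBPATH
        cd "$COBDIR" || exit 1
        # "$@" keeps each argument intact; unquoted $* re-splits on spaces.
        exec "$COBDIR/mflm_manager" "$@"
    )
}

# Run the manager only when this file is installed and invoked as mflmman.
case ${0##*/} in
    mflmman) start_manager /opt/cobol/mflmf "$@" ;;
esac
```

Installed as /opt/cobol/mflmf/mflmman, it is still called as sudo /opt/cobol/mflmf/mflmman so that the command matches the sudoers entry.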
Victor BERRIDGE
Honored Contributor

Re: Bizarre sudo problem

Hi Bob,
This is how I solved the problem here:
the account here that can use the command is exploit... In sudoers:
exploit ALL=(OP) NOPASSWD : /sm/bin/mflm
Now the content of /sm/bin/mflm
#!/sbin/sh
#---------------------------------------------------------------------------#
# Start the MFLM License Manager (VBE - 02.12.05)
# export COBDIR=/opt/cobol/mflmf
# export SHLIB_PATH=$COBDIR/coblib:$SHLIB_PATH:/lib
# cd /opt/cobol/mflmf
# ./mflm_manager
#---------------------------------------------------------------------------#
export PATH=/usr/sbin:/usr/bin:/sbin
rval=0

case "$1" in
    start_msg)
        echo "Start MFLM License Manager"
        ;;
    stop_msg)
        echo "Stop MFLM License Manager"
        ;;
    start)
        /etc/mflmrcscript 2>&1
        ;;
    stop)
        for i in $(ps -ef|grep -i mflm_manager|grep -v grep|awk '{print $2}')
        do
            kill -9 $i
        done
        ;;
    *)
        echo "usage: $0 {start|stop}"
        rval=1
        ;;
esac
#

And the /etc/mflm_manager script
# more mflmrcscript
echo Starting MFLM License Manager
COBDIR=/opt/cobol/mflmf
export COBDIR
SHLIB_PATH=$COBDIR/coblib:$SHLIB_PATH:/lib
export SHLIB_PATH
cd /opt/cobol/mflmf
./mflm_manager

Hope this helps a little

All the best
Victor