HPE Community
Operating System - HP-UX
1825643 Members
3647 Online
109685 Solutions
New Discussion

.profile permission for by sudo

 
Abhijit P.
Valued Contributor

‎10-07-2005 01:35 AM

‎10-07-2005 01:35 AM

.profile permission for by sudo

Hi friends...

I am giving perticular useer to execute .profile permission of other user in /etc/sudoers but when it executes it is not setting the env. veriables for that
user.

Please help me to solve this


Thanks in advance

Abhijit Panse
0 Kudos
Reply
7 REPLIES 7
Mel Burslan
Honored Contributor

‎10-07-2005 02:08 AM

‎10-07-2005 02:08 AM

Re: .profile permission for by sudo

.profile should not be executed but instead sourced. if your user is familiar with sourcing concepts this should not have been a problem. Tell him or her to execute this:

. ./.profile
(DOT SPACE DOT SLASH DOTPROFILE as it may look cramped above)

HTH
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Abhijit P.
Valued Contributor

‎10-07-2005 03:16 AM

‎10-07-2005 03:16 AM

Re: .profile permission for by sudo

hi bel thanks for quick reply..but its not getting executed

please tell me whta will be the entries of a /etc/sudoers to execute a .profile of another users



0 Kudos
Reply
Marvin Strong
Honored Contributor

‎10-07-2005 04:18 AM

‎10-07-2005 04:18 AM

Re: .profile permission for by sudo

Is there any reason you cannot just set read permissions on the profile in question?

sudo seems like overkill here to me.

then have the user

. /path/.profile


0 Kudos
Reply
Juan M Leon
Trusted Contributor

‎10-07-2005 04:36 AM

‎10-07-2005 04:36 AM

Re: .profile permission for by sudo

Abhijit,

Try to see the following

# User alias specification
User_Alias SA=gussokrg,ssouid,gussodeo,gussodcb,guhpalc,pjm,dgoss,\
cscoggin,swyatt,pmccook,dkimsey,gussocc,guhpalc,\
gussojwc,gussojer,gussoebd,gussorlk,gussokah,gussowws,\
gussolfc
User_Alias DBA=dgoss, cscoggin
User_Alias PMO=dgoss
User_Alias WR=cscoggin,pmccook,swyatt

# Cmnd alias specification
Cmnd_Alias SHELL=/usr/bin/sh,/sbin/sh,/usr/bin/ksh,/usr/bin/csh,\
/usr/local/bin/bash
Cmnd_Alias ORADBA=/opt/oracle7/bin/,/opt/oracle8/product/*/bin
Cmnd_Alias REMADM=/usr/ar/bin/,/sbin/init.d/arsystem
Cmnd_Alias SYS=/usr/local/etc/,/usr/lbin/modprpw,/usr/sbin/useradd,\
/usr/sbin/userdel,/usr/sbin/usermod,/usr/sbin/groupadd,\
/usr/sbin/groupdel,/usr/sbin/groupmod,\
/sbin/init.d/arsystem, /usr/sbin/shutdown,\
/usr/local/adm/interactive_backup,/usr/lbin/getprpw
Cmnd_Alias TAPE=/etc/frecover,/usr/sbin/frecover,/usr/bin/mt
Cmnd_Alias MOUNT=/usr/sbin/mount,/usr/sbin/umount,/usr/sbin/pfs_mount,\
/usr/sbin/pfsd,/usr/sbin/pfs_mountd,\
/usr/bin/vi /etc/pfs_fstab
Cmnd_Alias ACCESS=/usr/bin/vi /etc/hosts.allow, \
/usr/bin/vi /etc/mail/aliases, /usr/bin/newaliases

# User privilege specification
root ALL=(ALL) ALL
SA ALL=(root,oracle7,oracle8,remedy,nocol) ALL
DBA ORACLE=(oracle7,oracle8) ALL, (remedy) REMADM, \
(root) MOUNT, (root) TAPE
PMO ORACLE=(oracle7,oracle8) ORADBA: \
REMEDY=(remedy) REMADM: \
ALL=(root) /usr/local/adm/interactive_backup
WR ALL=(root) SYS, (root) TAPE, (root) ACCESS: \
ORACLE=(oracle7,oracle8) ALL: \
REMEDY=(remedy) ALL
zap1218 WEP=(root) TAPE
0 Kudos
Reply
Abhijit P.
Valued Contributor

‎10-07-2005 05:14 PM

‎10-07-2005 05:14 PM

Re: .profile permission for by sudo

Dear Juan,

Thanks for your prompt reply....

Frankly ..I am not able to understand /etc/sudoers file. All the samples you have said I am not able to understand how to set all this according to my requirment.

Could you please explain me the meanings of the settings of the sudoers file. As I am very much new to Sudo.

Thanks in advance,
Abhijit Panse



0 Kudos
Reply
Mel Burslan
Honored Contributor

‎10-07-2005 08:29 PM

‎10-07-2005 08:29 PM

Re: .profile permission for by sudo

To allow someone to execute a script/program, an entry like this needs to be in the /etc/sudoers file:

username hostname = NOPASSWORD: /path/to/command

but in your case, executing the .profile will not help you because of the basic nature of unix shell.

On any unix shell, if you execute a script and set env. variables in the script, those variables will only be effective as long as the script runs. When the script exits, variables get removed from memory. To preserve these variables, sourcing is the way to go (see my previous post) and you only need to provide read access to the user for the .profile to be able to source it.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
Tim D Fulford
Honored Contributor

‎10-08-2005 10:58 PM

‎10-08-2005 10:58 PM

Re: .profile permission for by sudo

if you have a user and they are failing to source (NOT execute) another users .profile e.g.

. ~/.profile

If the above failes & the permissions of the .profile are read it is NOT because the .profile is not being sourced, but the contents are failing...

You need to look into the.profile in question and find out what is happening. But typically .profiles are written FOR a userser so it is quite common for them to fail when other useres try to use them.. as an example they have lines like

# set up my aliases
. ~/alias_cmds
export PATH=$PATH:~/mybin

For the intended user it works a treat as ~ resolves to theit home directory, but for another user they may not have an alias_cmds file, hence sourcing the .profile fails.

From what you say I dont think the problem is necessarily with sudo...

Regards

Tim
-
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.