HPE Community
Operating System - HP-UX
1833046 Members
2574 Online
110049 Solutions
New Discussion

sudo ALIASES not working

 
Donny Jekels
Respected Contributor

‎04-15-2003 06:10 PM

‎04-15-2003 06:10 PM

sudo ALIASES not working

Cmnd_Alias MYSCRIPT /usr/bin/myscript

USERS someone

LOCALHOST USERS, MYSCRIPT

okay that is a lame sudoers file, but the point I am trying to make is.

in the sudoers file.

you creat an ALIAS for users to use.

but when users try to use the alias it fails.

sudo MYSCRIPT
fails :-o(

but
sudo /usr/bin/myscript
works :O(

so can someone tell me what are the users suppposed to use.

the ALIAS or the command.
and is there a fix for it, I ahve the latest sudo 1.6.7
"Vision, is the art of seeing the invisible"
0 Kudos
Reply
8 REPLIES 8
Michael Tully
Honored Contributor

‎04-15-2003 06:21 PM

‎04-15-2003 06:21 PM

Re: sudo ALIASES not working

This may sound lame, however, I think sudo will allow the script, but it will not generate the path for it in the attempt to run it ...

echo $PATH
/usr/bin
$ sudo myscript
(should work)

echo $PATH
/usr/sbin
$ sudo myscript
fails ... ?
Try it out.

Anyone for a Mutiny ?
0 Kudos
Reply
S.K. Chan
Honored Contributor

‎04-15-2003 06:36 PM

‎04-15-2003 06:36 PM

Re: sudo ALIASES not working

First of all I think the Cmnd_Alias syntax is not right. My /etc/sudoers file has this ..
...
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/bin/lpsched, /usr/bin/lpadmin
....
Second of all the Cmnd_Alias name (the one in uppercase letters) is not meant to be executed in the sudo command line. It's meant to be used (if needed) in other definition rules within sudoers file. In you case if you got ..

Cmnd_Alias MYSCRIPT = /usr/bin/myscript

then the user should be able to run myscript without having to provide the full path.

$ sudo myscript

For details of the syntax applicable to sudoers file take a look here..
http://www.courtesan.com/sudo/man/sudoers.html#aliases
0 Kudos
Reply
Donny Jekels
Respected Contributor

‎04-16-2003 03:54 AM

‎04-16-2003 03:54 AM

Re: sudo ALIASES not working

why can't I use

sudo MYSCRIPT, instead of sudo myscript

which I have to setup a path for?
"Vision, is the art of seeing the invisible"
0 Kudos
Reply
Tom Maloy
Respected Contributor

‎04-16-2003 06:25 AM

‎04-16-2003 06:25 AM

Re: sudo ALIASES not working

MYSCRIPT is an *alias* for your command. The alias is used by sudo to see if the command that you are attempting is in the list of commands that you are authorized to use. So only sudo knows about MYSCRIPT - the shell does not know what command that is.
Carpe diem!
0 Kudos
Reply
Jack C. Mahaffey
Super Advisor

‎04-16-2003 06:30 AM

‎04-16-2003 06:30 AM

Re: sudo ALIASES not working

The aliases in the sudo file are meant to group commands so you don't need to individually specify the commands per user. If you want to see what commands you're allowed to execute at the command prompt, execute the sudo -l command. You will not see any Cmd_Aliases listed.


Using the sudo Cmd_Alias as part of the sudo command doesn't make sense because multiple commands can be assigned to a sudo Cmd_Alias.

For example, assume you want a Cmd_Alias to be set for identifying both the vi and sed commands. Executing the sudo alias wouldn't know which command you wanted to execute.

jack...

0 Kudos
Reply
S.K. Chan
Honored Contributor

‎04-16-2003 06:35 AM

‎04-16-2003 06:35 AM

Re: sudo ALIASES not working

As you can see in the example above ..
Cmnd_Alias PRINTING = /usr/bin/lpsched, /usr/bin/lpadmin
we got multiple commands assigned to PRINTING.
0 Kudos
Reply
Donny Jekels
Respected Contributor

‎04-16-2003 07:40 AM

‎04-16-2003 07:40 AM

Re: sudo ALIASES not working

would it be silly (stupid) to create a alias (system alias) or a link for the su command.

ie. I want everyone that uses su to use "sudo su"
"Vision, is the art of seeing the invisible"
0 Kudos
Reply
Tom Maloy
Respected Contributor

‎04-16-2003 07:46 AM

‎04-16-2003 07:46 AM

Re: sudo ALIASES not working

I'd let folks set up their own alias for that.
Carpe diem!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.