Operating System - HP-UX

Re: Sudo Password Problems

 
CRollins
Advisor

Sudo Password Problems


I'm configuring the sudo file user specification. When issuing the command, it's still prompting for a password. The username is an alias and the command string is an alias.

USERNAMEGROUP ALL=(user2) NOPASSWD: COMMANDVAR
Matti_Kurkela
Honored Contributor

Re: Sudo Password Problems

Have you specified the actual full path of the command in the COMMANDVAR alias definition?

Sudo is very, very picky about the commands it allows. If your COMMANDVAR is specified like this:

Cmnd_Alias COMMANDVAR = ls

it won't work.

You must specify something like

Cmnd_Alias COMMANDVAR = /bin/ls

instead.

This behaviour is by design: it ensures the user cannot use commands the sysadmin did not intend by playing tricks with his/her PATH environment variable.

And what's the exact sudo command line you're trying? It should be something like

sudo -u user2

If the "-u user2" option is not specified, sudo will assume "-u root" by default... which of course does not match your rule.

MK
Steven E. Protter
Exalted Contributor

Re: Sudo Password Problems

Shalom,

Form:

sudo program-name

Any other form will prompt for a password.

Check that you are not using reserved words in your sudoers configuration.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
CRollins
Advisor

Re: Sudo Password Problems

The full path is there. There are two executables with the full path delimited by a comma and then a space. Does spacing matter in the syntax?

The command line string:

sudo -u user2 command
CRollins
Advisor

Re: Sudo Password Problems

USERNAMEGROUP ALL=(user2) NOPASSWD: COMMANDVAR

where USERNAMEGROUP is a User_Alias in the syntax:
User_Alias USERNAMEGROUP=USER
where USER above is also in caps (as in /etc/passwd)

where (user2) is a Runas_Alias in the form USER2=user2 and is in caps in the user specification.

where COMMANDVAR is a Cmnd_Alias in the form
Cmnd_Alias COMMANDVAR=/path/executable,/path/executable
Matti_Kurkela
Honored Contributor

Re: Sudo Password Problems

Try running "sudo -l" as a user that belongs to the USERNAMEGROUP. It may ask for a password, but it should then list the commands the user is allowed to run using sudo (unless the configuration options prevent the listing).

Does the output look correct?

MK
CRollins
Advisor

Re: Sudo Password Problems

yep

(user2) NOPASSWD: /path/executable, /path/executable
CRollins
Advisor

Re: Sudo Password Problems

If I execute it as follows, then how am I sure it's running it as the other user?

sudo program-name
Reidmeister
Occasional Advisor

Re: Sudo Password Problems

The user must type the -u when you are specifying a command to be run under a specific account.

/usr/local/bin/sudo -u 'username' 'command_exactly_as_referenced_in_sudoers'
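
The NOPASSWD rule discussed in this thread applies only when the invoking user, the target user given with -u, and the full command path all match. The Python sketch below is an added example, not code from any poster or from sudo itself: a simplified model of that matching over a constructed sudoers text (the account name appoper and the /opt/app/bin paths are placeholders, and the parser covers only the alias layout described above).

```python
import re

# Constructed sudoers text following the alias layout described in the thread;
# the account name and the two command paths are placeholders.
SUDOERS = """
User_Alias  USERNAMEGROUP = appoper
Runas_Alias USER2 = user2
Cmnd_Alias  COMMANDVAR = /opt/app/bin/start, /opt/app/bin/stop
USERNAMEGROUP ALL=(USER2) NOPASSWD: COMMANDVAR
"""

ALIAS = re.compile(r"^(User|Runas|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC = re.compile(r"^(\w+)\s+ALL\s*=\s*\((\w+)\)\s*(NOPASSWD:)?\s*(.+)$")

def parse(text):
    """Parse the small sudoers subset used above (a model, not sudo's grammar)."""
    aliases, specs = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = ALIAS.match(line)
        if m:
            # Split on commas and strip, so "a, b" and "a,b" give the same list.
            aliases[m.group(2)] = [v.strip() for v in m.group(3).split(",")]
            continue
        m = SPEC.match(line)
        if m:
            specs.append((m.group(1), m.group(2), bool(m.group(3)),
                          [c.strip() for c in m.group(4).split(",")]))
    return aliases, specs

def expand(names, aliases):
    """Replace alias names with their members; other names pass through."""
    out = []
    for n in names:
        out.extend(aliases.get(n, [n]))
    return out

def check(text, user, command, runas="root"):
    """Return 'nopasswd', 'passwd' or 'no-match' for one invocation.
    runas defaults to root, as it does for `sudo command` without -u."""
    aliases, specs = parse(text)
    for who, target, nopasswd, cmds in specs:
        if (user in expand([who], aliases)
                and runas in expand([target], aliases)
                and command in expand(cmds, aliases)):  # exact full-path match
            return "nopasswd" if nopasswd else "passwd"
    return "no-match"
```
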