Sudo run as another user problem

 
Mike Smith_33
Super Advisor

Sudo run as another user problem

I have added a new command that works fine with the default of running as root. When I try to restrict it by having it run as the account that owns the files, I get a message that this user is not allowed to execute that command. I have checked all the sudo documentation I can find with no success.

Host_Alias DEVEDI = host

User_Alias EDIAPP = appaccount

Cmnd_Alias AWTRAP = /pathtoawtrap

Runas_Alias CA = caaccount

EDIAPP DEVEDI = (CA) AWTRAP


My understanding is that this will allow the appaccount on node host to run the /pathtoawtrap as user caaccount. This is not working but if I remove the (CA) and allow it to run as root it works.

Any help is appreciated.
Patrick Wallek
Honored Contributor

Re: Sudo run as another user problem

Here is how I have sudoers set up on one of my machines:

User_Alias EDI=ediprod,editest

Cmnd_Alias CMD1T=/cyd/runs/prog1test
Cmnd_Alias CMD2T=/cyd/runs/prog2test
Cmnd_Alias CMD1=/cy/runs/prog1
Cmnd_Alias CMD2=/cy/runs/prog2

EDI HR=(cyborg) NOPASSWD: CMD1T, CMD2T, CMD1, CMD2

I have not specified a Runas_Alias, I just put the user name to run as in the permission line. My configuration as above is working splendidly.
Mike Smith_33
Super Advisor

Re: Sudo run as another user problem

Ok, your suggestion did not work for me but I did find out something else even stranger. The error message was so long it went off the screen. I redirected standard error to a file and found that the last part of the error message indicates it is failing in trying to run as root??

Here is a summary of the error message:

Sorry, user specifieduser is not allowed to execute 'command param1 param2' as root on node host.


My understanding is that when you do not specify, it runs as root. When I specify a username it is giving a message that indicates it is trying to run as root???
Mike Smith_33
Super Advisor

Re: Sudo run as another user problem

The quite simple answer has been found. My clue was in the error message indicating that it was trying to run as root. My test procedure doing the sudo needed to be modified as follows:

sudo -u username command


I just had

sudo command


Even though I had changed the sudoers file, my test script needed to be changed.
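
Added example, not part of the original posts and not sudo's own code: a simplified Python model of how the (CA) Runas list in the first post's sudoers entry is matched, showing why the request is denied without -u (the target defaults to root) and allowed with it. It handles only aliases and plain user specifications (no ALL, negation, or tags such as NOPASSWD:); the function names parse, members and check are hypothetical.

```python
import re

# sudoers entries from the first post, reproduced as posted.
SUDOERS = """\
Host_Alias DEVEDI = host
User_Alias EDIAPP = appaccount
Cmnd_Alias AWTRAP = /pathtoawtrap
Runas_Alias CA = caaccount
EDIAPP DEVEDI = (CA) AWTRAP
"""
ALIAS_RE = re.compile(r"^(Host|User|Cmnd|Runas)_Alias\s+(\w+)\s*=\s*(.+)$")
# user host = (runas) commands; the "(runas)" list is optional
SPEC_RE = re.compile(r"^(\S+)\s+([^\s=]+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")

def parse(text):
    """Return (aliases, specs) for this small subset of sudoers syntax."""
    aliases, specs = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            continue
        if m := ALIAS_RE.match(line):
            aliases[(m.group(1), m.group(2))] = m.group(3)
        elif m := SPEC_RE.match(line):
            specs.append(m.groups())
    return aliases, specs

def members(aliases, kind, items):
    """Expand a comma-separated list, resolving aliases of the given kind."""
    out = []
    for item in (i.strip() for i in items.split(",")):
        alias = aliases.get((kind, item))
        out += [a.strip() for a in alias.split(",")] if alias else [item]
    return out

def check(text, user, host, command, runas_user=None):
    """Model of `sudo [-u runas_user] command`; returns (allowed, target)."""
    target = runas_user or "root"  # no -u means the request is to run as root
    aliases, specs = parse(text)
    for users, hosts, runas, cmnds in specs:
        if (user in members(aliases, "User", users)
                and host in members(aliases, "Host", hosts)
                # a rule with no (runas) list permits root only
                and target in members(aliases, "Runas", runas or "root")
                and command.split()[0] in members(aliases, "Cmnd", cmnds)):
            return True, target
    return False, target
```

On a real system, `sudo -l` run as the invoking user lists each permitted command together with its allowed run-as users, which shows the same mismatch without running the command.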