11-29-2007 01:00 AM
Does anyone have any experience with sudo and sudoers?
I want user1 to execute /usr/bin/command as user user2 without a password.
The entry in sudoers is:
user1 all = NOPASSWD user2: /usr/bin/command
It doesn't work. What is going wrong?
Regards, Alfons
11-29-2007 01:15 AM
Re: sudo
I don't understand your syntax... not sure what you want...
I would do:
user1 = (root) NOPASSWD:/usr/bin/su user2 -c usr/bin/command
Is that what you are trying to achieve?
All the best
Victor
11-29-2007 01:33 AM
Re: sudo
missing ALL =...
I just tested:
e.g.
sas9 ALL = (root) NOPASSWD:/usr/bin/su vbe -c ksh
ant:/opt/sudo $ id
uid=601(sas9) gid=2(bin)
ant:/opt/sudo $ /usr/local/bin/sudo -l
User sas9 may run the following commands on this host:
(root) NOPASSWD: /usr/bin/su vbe -c ksh
ant:/opt/sudo $ sudo /usr/bin/su vbe -c ksh
ksh: sudo: not found
ant:/opt/sudo $ /usr/local/bin/sudo /usr/bin/su vbe -c ksh
ant:/opt/sudo $ id
uid=200(vbe) gid=2(bin)
All the best
Victor
(putting back sudoers in previous state...)
11-29-2007 01:48 AM
Re: sudo
The entry in sudoers is:
user1 all = NOPASSWD user2: /usr/bin/command
I think that is incorrect. Here is what I have in sudoers:
# Host Aliases
Host_Alias HR=systema,systemb
# User Aliases
User_Alias EDI=ediprod,editest
# Command Aliases
Cmnd_Alias COMMAND=/path/to/command
Cmnd_Alias COMMAND2=/path/to/command2
# User Privilege section
EDI HR=(user1) NOPASSWD: COMMAND, COMMAND2
The above will allow the users defined as EDI in the "User Aliases" section to run the commands defined as COMMAND and COMMAND2 on the systems defined as HR as user1 with no password required.
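As an added example, not part of the thread or of sudo itself: a small POSIX shell check for the single-line entry form discussed above (`user host = (runas) NOPASSWD: /path`), run over two entries posted in this thread plus a corrected form constructed here. The function names `check_spec` and `ltrim` are hypothetical and the check is a simplification; `visudo -c` is the authoritative syntax check.

```shell
#!/bin/sh
# Added example (not from the thread): structural check of a one-line sudoers
# user specification of the form
#   user host = (runas) NOPASSWD: /absolute/command [args]
# Deliberately simplified: no aliases, no line continuation, one tag only.
# `visudo -c` is the authoritative syntax check.

ltrim() { printf '%s\n' "$1" | sed 's/^[[:space:]]*//'; }

# Prints one line per problem; prints nothing for a well-formed entry.
check_spec() {
    spec=$1
    case $spec in
        *=*) ;;
        *) echo "no '=' between the host and the command spec"; return 0 ;;
    esac
    left=${spec%%=*}              # "user host"
    right=$(ltrim "${spec#*=}")   # "(runas) NOPASSWD: command"

    set -f; set -- $left; set +f  # split the left side into fields
    if [ $# -ne 2 ]; then
        echo "expected 'user host' before '=', found $# field(s)"
    elif [ "$2" != ALL ] && [ "$(printf '%s' "$2" | tr a-z A-Z)" = ALL ]; then
        echo "host '$2' is read as a host name; the keyword is ALL"
    fi

    case $right in                # optional run-as list in parentheses
        "("*")"*) right=${right#*")"}; right=$(ltrim "$right") ;;
    esac
    case $right in                # optional tag, colon required
        NOPASSWD:*) right=$(ltrim "${right#NOPASSWD:}") ;;
        NOPASSWD*)  echo "tag must be written 'NOPASSWD:'"
                    right=$(ltrim "${right#NOPASSWD}") ;;
    esac
    case $right in                # what is left must be the command
        /*)  ;;
        *:*) echo "run-as user belongs in parentheses after '=', e.g. (user2)" ;;
        *)   echo "command must be an absolute path" ;;
    esac
}

# Entries as posted in the thread, then a corrected form (constructed here).
for entry in \
    'user1 all = NOPASSWD user2: /usr/bin/command' \
    'user1 = (root) NOPASSWD:/usr/bin/su user2 -c usr/bin/command' \
    'user1 ALL = (user2) NOPASSWD: /usr/bin/command'
do
    printf '%s\n' "$entry"; check_spec "$entry" | sed 's/^/    problem: /'
done
```

With a run-as user named in the entry, the command is then invoked as `sudo -u user2 /usr/bin/command`.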
11-29-2007 01:56 AM
Re: sudo
user1 is not allowed in a specific directory, and user2 is.
So I have to allow user1 to run a script in that specific directory.
The entry in sudoers is now:
user1 ALL = (users2) NOPASSWD: /usr/bin/ls
After executing:
/usr/local/bin/sudo -u user2 -s /usr/bin/ls
I get the error:
naxora: sudo: user1: command not allowed; TTY=ttyp3; PWD=/FP01/mto USER=user2; COMMAND=/usr/bin/ksh /usr/bin/ls
Thanks.
11-29-2007 02:05 AM
Re: sudo
You have to be user2 first to be able to access the directory...
and so:
user1 ALL = (root) NOPASSWD:/usr/bin/su user2 -c
11-29-2007 02:22 AM
Re: sudo
I created the file the way you did.
When I do a sudo -l everything is OK.
When I do a:
EDI HR=(user1) NOPASSWD: COMMAND, COMMAND2
I get an error: syntax error at line 1 '(' unexpected.
11-29-2007 02:29 AM
Solution
when I do a:
EDI HR=(user1) NOPASSWD: COMMAND, COMMAND2
Where are you doing that? Are you trying to run that from a command prompt? If so, that will definitely not work. That line is part of the sudoers file.
With my configuration in place, an edi user can do a:
$ sudo /path/to/command
and it will run as the user user1 and not request a password.
Have a read through the 'sudoers' man page as a LOT of this is explained pretty well.
11-29-2007 02:34 AM
Re: sudo
No, I was not running that from the command prompt. It was the entry in the sudoers file.
From the command prompt as user "user1" I ran:
/usr/local/bin/sudo -u user2 -s /usr/bin/ls
11-29-2007 02:39 AM
Re: sudo
I have your solution working. Thanks.
I thought Patrick's solution should work as well.
So I will give that another shot.
Thanks
11-29-2007 02:44 AM
Re: sudo
Patrick's solution also works, it is equivalent to aliases...
In your command line, is -s a display artefact or is that your mistake (should be -c)?
As user1, what does sudo -l give you?
11-29-2007 02:48 AM
Re: sudo
You are correct, it should be -c.
Thanks to all of you, I will close the thread.
Regards, Alfons