[sudo-users] Runas Query.
Gary.Haden at saga.co.uk
Gary.Haden at saga.co.uk
Mon Mar 19 11:07:21 EDT 2012
Hi Kevin,
sudo -l says -
Matching Defaults entries for tia on this host:
!authenticate
User tia may run the following commands on this host:
(tia) /usr/local/setuids/tiadaemon2, (tia)
/saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
Yes, agree that trying to sudo as tia when i'm tia doesn't make sense but
we're also getting it with other logins. However surely that highlights an
issue if you can't sudo to run something yourself?
This is the sudo -l from another user and they also get the same message -
devupg.[DBADEV] > sudo -l
Matching Defaults entries for devupg on this host:
!authenticate, runas_default=tia
User devupg may run the following commands on this host:
(tia) /saga/app/oracle/forms_gen/fgen_tia, (tia)
/saga/app/oracle/forms_gen/fgen_tia_build, (tia)
/saga/app/oracle/class_gen/cgen_tia_build, (tia)
/saga/app/oracle/jar_gen/jgen_tia_build
(oracle) /saga/app/oracle/proc_gen/proc.shl, (oracle)
/saga/bin/remote_forms.sh
(tia) /usr/local/setuids/tiadaemon2, (tia)
/saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
Sorry, user tia is not allowed to execute
'/saga/opt/TIA/dbadev/object/pgm/backgr/shl/F1095.shl' as root on draco.
Thanks
Gary.
Kevin Shortt
<kevinshortt at gmai
l.com> To
Sent by: Gary.Haden at saga.co.uk
kevin.shortt at gmai cc
l.com sudo-users at sudo.ws
Subject
Re: [sudo-users] Runas Query.
19/03/2012 14:46
What does "sudo -l" say?
And another glaring question: Why are you using sudo to run a script as
the same user?
Your error states "user tia is not allowed.." and you have the "runas" i.e
(tia) set to tia.
-Kevin
On Mon, Mar 19, 2012 at 7:13 AM, <Gary.Haden at saga.co.uk> wrote:
Hi,
We're getting the following message when trying to run a sudo command -
Sorry, user tia is not allowed to execute
'/saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl' as root on draco.
However we want it to run as user tia (not root) and the line in the
sudoers file reflects this -
TD2GRP DRACO=(tia) /usr/local/setuids/tiadaemon2,
/saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
These are the other parameters we have in the file -
Host_Alias DRACO = draco
User_Alias TIAGRP = devaxs, devupg
User_Alias ORAGRP = devaxs, devupg
User_Alias TD2GRP = devaxs, devupg, tia
Defaults !authenticate
Defaults:TIAGRP runas_default=tia
root ALL=(ALL) ALL
TIAGRP DRACO=
(tia) /saga/app/oracle/forms_gen/fgen_tia, /saga/app/oracle/forms_gen/fgen_tia_build, /saga/app/oracle/class_gen/cgen_tia_build, /saga/app/oracle/jar_gen/jgen_tia_build
ORAGRP DRACO=
(oracle) /saga/app/oracle/proc_gen/proc.shl, /saga/bin/remote_forms.sh
oracle DRACO=
(root) /saga/app/oracle/forms_gen/fix_fmx, /saga/app/oracle/forms_gen/fix_file, /saga/app/oracle/class_gen/fix_class, /saga/app/oracle/jar_gen/fix_jar
TD2GRP DRACO=
(tia) /usr/local/setuids/tiadaemon2, /saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
Any ideas what needs to be added/removed/changed?
The /usr/local/setuids/tiadaemon2 which is on the same line works and the
only differences are in the owner and permissions so should I be changing
these?
-rwxr--r-- 1 tia dev 764 28 Jun
2006 /saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
-rwxr-xr-x 1 root system 3764 16 Mar
08:53 /usr/local/setuids/tiadaemon2
Thanks
Gary.
Please consider the environment before printing this email
The opinions expressed in this e-mail are those of the individual and not
necessarily the company. This e-mail and attachment[s] are confidential
to the sender and are solely for use by the intended recipient.
Saga Services Limited: Company Registration No. 732602
Saga Publishing Limited: Company Registration No. 2152564
The above companies are wholly owned subsidiaries of Saga Group Limited.
Saga Holidays is a registered trading name of Acromas Holidays Limited:
Company Registration No. 2174052
Saga Shipping is a registered trading name of Acromas Shipping Limited:
Company Registration No. 3267858
Saga Personal Finance is a registered trading name of Acromas Financial
Services Limited: Company Registration No. 3023493
Saga Group Limited: Company Registration No. 638891
All companies registered at: Enbrook Park, Sandgate, Folkestone, Kent
CT20 3SE
Saga Charitable Trust is a UK registered charity No. 291991
Saga Services Limited is authorised and regulated by the Financial
Services Authority.
Acromas Financial Services Limited is authorised and regulated by the
Financial Services Authority.
Acromas Holidays Limited is an appointed representative of Automobile
Association Insurance Services Limited which is authorised and regulated
by the Financial Services Authority.
Acromas Insurance Company Limited is authorised by the Financial Services
Commission, Gibraltar.
This e-mail and attachment[s] has been scanned for the presence of
computer viruses. Saga accept no responsibility for computer viruses once
this e-mail has been transmitted.
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list