Dana Kaempen decay at
Tue Nov 13 14:44:32 EST 2001

Russell -

You may need to look at this from a different perspective.  sudo works best at (I hesitate to say "was intended for") running single commands as root or another user, not for allowing a user to have an open session as the su'd user.  You *can* do that, but it pretty much destroys the thought that went into sudo, which is to give a non-root user some specific privileges as an alternate user.

For your example, to give a user a capability as Oracle, try something like this:
	sudo -u oracle SomeOracleTask
	where SomeOracleTask is what the user is allowed to run

You should note that SomeOracleTask in the example above should not allow the user to shell out, since then they would be free in the system w/the oracle user's permissions.

FYI, I'm running sudo on a number of AIX 4.3.3 systems, and it's doing exactly what we need it to do.  Sometimes it takes a bit of trial & error to get your config file set up as you'd like, but that only helps you get a fuller understanding of how to use all the options.  Great program, that sudo.  Thanks, Todd!

mailto:decay at
"Keep the wheels rolling." - Anonymous traffic prophet

More information about the sudo-users mailing list