LD_* variables and sybase

Sue Blake sue at welearn.com.au
Wed Oct 24 16:22:05 EDT 2001

For safety reasons, sudo rightly refuses to pass LD_* environment
variables. As a consequence of this, I seem to be unable to
use sudo for the following task, which means that I may have to
let users have full access to a priviliged account instead,
unless there's some other way.

We have a tru64 machine running sybase. The unix user sybase
must close down and start up sybase when required. Normally
there is no reason for anyone to actually log in as user
sybase, whose access privileges are very high.

There are times that operators or assistant sybase admins need
to shut down and restart sybase. Some of these people are not
very confident but they may need to act in an emergency when
nobody is around, using a menu I've set up for them.

Commands like
   sudo -u syabase <sybase command>
bomb out, because sybase can't find its libraries, and
   sudo -u sybase env
shows what's going on: they get everything except the LD variable.

I guess I could let them have something like
   sudo su - sybase
and hope for the best, but I doubt that's the most sensible way
of dealing with this. Besides, I want to keep saying "No, you
can't login as sybase, nobody even knows the password, I'll give
you sudo access to the commands that you need to run".

What would be the most sensible approach to this problem?



More information about the sudo-users mailing list