effective vs. real user ID

William R Ward bill at wards.net
Tue Dec 31 17:46:16 EST 2002

At my workplace we have a utility called "msu" that allows a user to
become another user, controlled by its own configuration files (a file
per real user, listing what user they can become).  We have Unix
accounts for each of the applications, and users need to become those
accounts for starting and stopping applications, and things like that.
It's like using "su user" without having to enter that user's password
(you enter your own, like sudo).  Since it is *not* like "su - user",
the real user ID is still their true user ID, and only the effective
user ID is changed.

However, for a couple of these applications, we want the application
user ID to be able to run one or two commands as root, so that's where
sudo sounds like a good fit.  (Yes, sudo could also replace "msu" but
my boss doesn't want to do that.)

The trouble is, that sudo seems to use the real, not effective, user
ID when processing its config file.  So we can't put in an entry in
the sudoers file for the application account; we would have to specify
the real user ID's that can do the command, which means replicating
the "msu" configuration.

Is there any way to get sudo to look at the effective user ID instead
of the real one?


William R Ward            bill at wards.net          http://www.wards.net/~bill/
        Consistency is not really a human trait.
                         --Maude (from the film "Harold & Maude")

More information about the sudo-users mailing list