How can I exclude a list of users?

Herbert Wengatz Herbert.Wengatz at partner.bmw.de
Wed Apr 16 14:10:25 EDT 2003


Hi there!

I'm currently trying hard to make the following work, but somehow I
either don't get the right syntax, or it's impossible at all !?
I've also treid to find an example for my configurational problem, but
I didn't found one, yet.

I have a group of machines, let's call them A,B,C

On these machines, I have a so-called project-account, for support
reasons of some application.

The guys who need to use this account have to switch sometimes to
any other account on the machine - but now comes the problem: we
don't want them to become UID 0. So they shall not be able to switch
to any operator-account, having UID 0.

What I tried until now is:

# List of hosts:
Host_Alias APP_SUPP_HOSTS = A,B,C

# List of operating accounts (all with UID 0):
User_Alias OPER = root,oper1,oper2,oper3

# and now I try to bring that together:
projectaccount APP_SUPP_HOSTS = ALL,!OPER

It seems to be syntactically OK, but it doesn't seem to work. 

When I am user "projectaccount" on host A, and try to do:

sudo -u other_user ls -al $HOME

I receive the following error:

'Sorry, user projectaccount is not allowed to execute "/usr/bin/ls -l /home/projectaccount" as other_user on A.'

User 'other_user' is not on the list OPER.

What am I doing wrong here?

Any help appreaciated! :-)

-- 
Mit freundlichen Gruessen, / With kind regards,

Herbert Wengatz


Herbert Wengatz                        mailto:Herbert.Wengatz at Partner.BMW.de
CC CompuNet fuer BMW FZ-441            Hoerselbergstr. 7
Serverbetrieb Sun Solaris              D-81677 Muenchen
Unix is the only operating system, where 'more magic' really works.



More information about the sudo-users mailing list