How can I exclude a list of users?
Herbert.Wengatz at partner.bmw.de
Thu Apr 17 05:34:07 EDT 2003
I'm very sorry, if you receive this mail for a second time, but I'm
not sure if it went out correctly at the first time (because I wasn't on
the list at that time). Here is my problem...
I'm currently trying hard to make the following work, but somehow I
either don't get the right syntax, or it's impossible at all !?
I've also treid to find an example for my configurational problem, but
I didn't found one, yet.
I have a group of machines, let's call them A,B,C
On these machines, I have a so-called project-account, for support
reasons of some application.
The guys who need to use this account have to switch sometimes to
any other account on the machine - but now comes the problem: we
don't want them to become UID 0. So they shall not be able to switch
to any operator-account, having UID 0.
What I tried until now is:
# List of hosts:
Host_Alias APP_SUPP_HOSTS = A,B,C
# List of operating accounts (all with UID 0):
User_Alias OPER = root,oper1,oper2,oper3
# and now I try to bring that together:
projectaccount APP_SUPP_HOSTS = ALL,!OPER
It seems to be syntactically OK, but it doesn't seem to work.
When I am user "projectaccount" on host A, and try to do:
sudo -u other_user ls -al $HOME
I receive the following error:
'Sorry, user projectaccount is not allowed to execute "/usr/bin/ls -l /home/projectaccount" as other_user on A.'
User 'other_user' is not on the list OPER.
What am I doing wrong here?
Any help appreaciated! :-)
Mit freundlichen Gruessen, / With kind regards,
Herbert Wengatz mailto:Herbert.Wengatz at Partner.BMW.de
CC CompuNet fuer BMW FZ-441 Hoerselbergstr. 7
Serverbetrieb Sun Solaris D-81677 Muenchen
Unix is the only operating system, where 'more magic' really works.
More information about the sudo-users