How can I exclude a list of users?

Herbert Wengatz Herbert.Wengatz at partner.bmw.de
Fri Apr 25 04:28:35 EDT 2003 

Hello?

Anybody out there?

I still didn't receive any answer. Is this not solvable?

I also would think that:

User_Alias OPER = #0

should work. But I guess, it doesn't.
Or how about:

projectaccount APP_SUPP_HOSTS ALL,!#0 

????

Am I syntactically completely wrong, or is it not possible to exclude UID 0 ?

I'm still hoping to get an answer...

Best regards,

Herbert



Herbert.Wengatz at partner.bmw.de wrote:

> I'm very sorry, if you receive this mail for a second time, but I'm
> not sure if it went out correctly at the first time (because I wasn't on
> the list at that time). Here is my problem...
> 
> Hi there!
> 
> I'm currently trying hard to make the following work, but somehow I
> either don't get the right syntax, or it's impossible at all !?
> I've also treid to find an example for my configurational problem, but
> I didn't found one, yet.
> 
> I have a group of machines, let's call them A,B,C
> 
> On these machines, I have a so-called project-account, for support
> reasons of some application.
> 
> The guys who need to use this account have to switch sometimes to
> any other account on the machine - but now comes the problem: we
> don't want them to become UID 0. So they shall not be able to switch
> to any operator-account, having UID 0.
> 
> What I tried until now is:
> 
> # List of hosts:
> Host_Alias APP_SUPP_HOSTS = A,B,C
> 
> # List of operating accounts (all with UID 0):
> User_Alias OPER = root,oper1,oper2,oper3
> 
> # and now I try to bring that together:
> projectaccount APP_SUPP_HOSTS = ALL,!OPER
> 
> It seems to be syntactically OK, but it doesn't seem to work.
> When I am user "projectaccount" on host A, and try to do:
> 
> sudo -u other_user ls -al $HOME
> 
> I receive the following error:
> 
> 'Sorry, user projectaccount is not allowed to execute "/usr/bin/ls -l 
> /home/projectaccount" as other_user on A.'
> 
> User 'other_user' is not on the list OPER.
> 
> What am I doing wrong here?
> 
> Any help appreaciated! :-)
> 

-- 
Mit freundlichen Gruessen, / With kind regards,

Herbert Wengatz


Herbert Wengatz                        mailto:Herbert.Wengatz at Partner.BMW.de
CC CompuNet fuer BMW FZ-441            Hoerselbergstr. 7
Serverbetrieb Sun Solaris              D-81677 Muenchen
Unix is the only operating system, where 'more magic' really works.

More information about the sudo-users mailing list