Basic Sudo Issue!!

Lucas Clark lclark11 at rci.rogers.com
Thu Jul 24 11:10:10 EDT 2003 

Thank you for the response. When we did specify the location of 'Ipchains'
everything worked fine.

Our only remaining question is how to execute a sudo command, where a third
user  (i.e dummy3, who is not part of the sudoers file) runs sudo as a user
that has the 'IPchains' permissions.

In other words we want to long in as dummy3 and run sudo as dummy2. When
logged in as dummy3 can we use something along the lines of:
sudo "here we specify dummy2" Ipchains ...? So we run ipchains as if we were
dummy2?

Thank you again for your help

Lucas Clark
Rogers AT&T Wireless
Engineering
Network Strategy 
Email: lclark11 at rci.rogers.com


-----Original Message-----
From: Alan Sparks [mailto:asparks at quris.com]
Sent: Thursday, July 24, 2003 10:17 AM
To: Lucas Clark
Cc: 'sudo-users at sudo.ws'
Subject: Re: Basic Sudo Issue!!


On Thu, 2003-07-24 at 07:57, Lucas Clark wrote:
> 
> 	# Host alias specification
> 	Host_Alias      FW_SERVER=xxx.xxx.xxx.xxx
> 	# User alias specification
> 	User_Alias      IPCHAIN_ADMIN=dummy1,dummy2
> 	# Cmnd alias specification
> 	Cmnd_Alias FW_SCRIPT=/sbin/ipchains
> 
> 	# Defaults specification
> 	# User privilege specification
> 	root    ALL=(ALL) ALL
> 
> We are not sure if we should specify =(root), because IPchains can be run
by
> the root only.

Since root can already run anything it wants to, there's not need to do
this, unless you really want root to use sudo.  But root can bypass sudo
entirely.

> 
> 	??  IPCHAIN_ADMIN   ALL = NOPASSWD: FW_SCRIPT
> or
> 	??  IPCHAIN_ADMIN ALL=(root) FW_SCRIPT
> 

I personally don't use the NOPASSWD option, but the first option looks
better to me.

> Can anyone tell us if this is correct. Also, how do we actually use sudo
> from the command prompt? We've tried typing "sudo ipchains - L" when
logged
> in as the user "dummy1", but we get a "command not found" error?

To me, it sounds like /sbin (or whatever is the location of the
'ipchains' executable) is not in the user's PATH.

> 
> Any help would be greatly appreciated. 
> Thanks
> 
> 
> Lucas Clark
> Rogers AT&T Wireless
> Engineering
> Network Strategy 
> Email: lclark11 at rci.rogers.com
> 
> ____________________________________________________________ 
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
-- 
Alan Sparks, Sr. UNIX Administrator	asparks at quris.com
Quris, Inc.				(720) 836-2058

More information about the sudo-users mailing list