Basic Sudo Issue!!
lclark11 at rci.rogers.com
Thu Jul 24 11:10:10 EDT 2003
Thank you for the response. When we did specify the location of 'Ipchains'
everything worked fine.
Our only remaining question is how to execute a sudo command, where a third
user (i.e dummy3, who is not part of the sudoers file) runs sudo as a user
that has the 'IPchains' permissions.
In other words we want to long in as dummy3 and run sudo as dummy2. When
logged in as dummy3 can we use something along the lines of:
sudo "here we specify dummy2" Ipchains ...? So we run ipchains as if we were
Thank you again for your help
Rogers AT&T Wireless
Email: lclark11 at rci.rogers.com
From: Alan Sparks [mailto:asparks at quris.com]
Sent: Thursday, July 24, 2003 10:17 AM
To: Lucas Clark
Cc: 'sudo-users at sudo.ws'
Subject: Re: Basic Sudo Issue!!
On Thu, 2003-07-24 at 07:57, Lucas Clark wrote:
> # Host alias specification
> Host_Alias FW_SERVER=xxx.xxx.xxx.xxx
> # User alias specification
> User_Alias IPCHAIN_ADMIN=dummy1,dummy2
> # Cmnd alias specification
> Cmnd_Alias FW_SCRIPT=/sbin/ipchains
> # Defaults specification
> # User privilege specification
> root ALL=(ALL) ALL
> We are not sure if we should specify =(root), because IPchains can be run
> the root only.
Since root can already run anything it wants to, there's not need to do
this, unless you really want root to use sudo. But root can bypass sudo
> ?? IPCHAIN_ADMIN ALL = NOPASSWD: FW_SCRIPT
> ?? IPCHAIN_ADMIN ALL=(root) FW_SCRIPT
I personally don't use the NOPASSWD option, but the first option looks
better to me.
> Can anyone tell us if this is correct. Also, how do we actually use sudo
> from the command prompt? We've tried typing "sudo ipchains - L" when
> in as the user "dummy1", but we get a "command not found" error?
To me, it sounds like /sbin (or whatever is the location of the
'ipchains' executable) is not in the user's PATH.
> Any help would be greatly appreciated.
> Lucas Clark
> Rogers AT&T Wireless
> Network Strategy
> Email: lclark11 at rci.rogers.com
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
Alan Sparks, Sr. UNIX Administrator asparks at quris.com
Quris, Inc. (720) 836-2058
More information about the sudo-users