Basic Sudo Issue!!

Ladner, Eric (Eric.Ladner) Eric.Ladner at chevrontexaco.com
Fri Jul 25 09:18:33 EDT 2003 

You're getting command not found because ipchains isn't in their path
(normal mortals don't have /sbin in their path, typically).  Using 'sudo
/sbin/ipchains' will probably fix that.

The first line in your question looks correct (IPCHAIN_ADMIN   ALL =
NOPASSWD: FW_SCRIPT)

Also, for a single machine sudoers file, you don't need to really mess
with the Host_Alias stuff.  That's only useful if you have a common
sudoers file that you distribute over more than one machine and need to
segregate user groups based on machine name, or groups of machines with
the Host_Aliases.

Eric

-----Original Message-----
From: Lucas Clark [mailto:lclark11 at rci.rogers.com] 
Sent: Thursday, July 24, 2003 08:58
To: 'sudo-users at sudo.ws'
Subject: Basic Sudo Issue!!


Hi All,

We are a small team of co-op students with no sudo experience. Recently
we have been forced to use it as the only method of solving a particular
problem. Namely, we need to run "ipchains" when logged in as an user
other than root.

Mainly by looking at examples, we were able to patch the following
sudoers file together. Yet we can't get it to work. We want for the
dummy1, dummy2 users to be able to run Ipchains without a password.

	# Host alias specification
	Host_Alias      FW_SERVER=xxx.xxx.xxx.xxx
	# User alias specification
	User_Alias      IPCHAIN_ADMIN=dummy1,dummy2
	# Cmnd alias specification
	Cmnd_Alias FW_SCRIPT=/sbin/ipchains

	# Defaults specification
	# User privilege specification
	root    ALL=(ALL) ALL

We are not sure if we should specify =(root), because IPchains can be
run by the root only.

	??  IPCHAIN_ADMIN   ALL = NOPASSWD: FW_SCRIPT
or
	??  IPCHAIN_ADMIN ALL=(root) FW_SCRIPT

Can anyone tell us if this is correct. Also, how do we actually use sudo
from the command prompt? We've tried typing "sudo ipchains - L" when
logged in as the user "dummy1", but we get a "command not found" error?

Any help would be greatly appreciated. 
Thanks


Lucas Clark
Rogers AT&T Wireless
Engineering
Network Strategy 
Email: lclark11 at rci.rogers.com

____________________________________________________________ 
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list