sudoers syntax question

Chuck Mattern camattern at acm.org
Mon Mar 3 14:02:59 EST 2003


I'm working on converting from a homegrown setuid utility to sudo.
One of the things that the existing solution provides is that it
references a control file to determine not only who may run a
privileged program but what user it will run as.  From the sudoers
man page it seems that sudo will do that as well but I'm stumped as to
how to get there.  Would some kind soul please provide me with an
example of how I could have the following rules implemented in a
sudoers file?

jim can run /usr/local/bin/prog1 as the id informix
john can run /usr/local/bin/prog2 as the id db2
jim and john can both run /usr/local/bin/prog3 as the id progress
any user on the system can run /usr/local/bin/prog4 as the id ingress

The caveats here are:

1. These users will not know what id to run as; they cannot execute:

$ sudo -u informix /usr/local/bin/prog1

They need to execute:

$ sudo /usr/local/bin/prog1

and sudo needs to decide what id to run as based on the sudoers file.

2. Users may be added to the systems automatically (over 7000 machines
at about 1600 sites) but there is no current architecture for updating
the sudoers file.  Is there a generic construct that will allow any
user to run a given command as an id specified in the sudoers file?

Looking forward to any suggestions!
Chuck
-- 
-----------------------------------------------------------------------
|Chuck Mattern	        | "People often find it easier to be a result |
|camattern at acm.org      | of the past than a cause of the future."    |
-----------------------------------------------------------------------
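
The four rules from the message above, written with the sudoers Runas
specification. This is an added example, not part of the original post
or a reply from the list; user names, target ids and paths are the ones
in the post, and the host field ALL is an assumption.

```sudoers
# Added example. Rule layout:
#   user_list  host_list = (runas_user)  command
# The (runas_user) part is the only id the command may run as.

# jim may run prog1 only as informix
jim        ALL = (informix) /usr/local/bin/prog1

# john may run prog2 only as db2
john       ALL = (db2)      /usr/local/bin/prog2

# jim and john may both run prog3 only as progress
jim, john  ALL = (progress) /usr/local/bin/prog3

# ALL in the user position matches every user, including accounts
# created later, so this rule needs no sudoers update when users are
# added (caveat 2 in the post).
ALL        ALL = (ingress)  /usr/local/bin/prog4

# Caveat 1 in the post: without -u, sudo targets the user named by the
# runas_default option, which is root unless changed. With only the
# rules above, "sudo /usr/local/bin/prog1" is therefore refused, and
# "sudo -u informix /usr/local/bin/prog1" is what is permitted.
#
# runas_default can be set per user, for example:
#   Defaults:john runas_default=db2
# A per-user default gives one target id per user, so it covers john
# (db2 only) but not jim, who needs informix for prog1 and progress
# for prog3.
```

Edit the file with visudo and check it with `visudo -c` so a syntax
error is caught before the policy is deployed.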

