[sudo-users] sudo and groups

Timo Wendt twendt at online.de
Thu Apr 20 16:13:59 EDT 2006


It is no typo. I want to allow timo1 to run the command as timo. I  
don't need to allow timo to run the command as himself. In production  
I would use the following of course:

timo1 ALL= (timo) NOPASSWD: /tmp/dir1/dir2/cmd

I only used ALL to be able to try it with root as well.

On 20.04.2006 at 22:09, Galen Johnson wrote:

> Fair enough...is timo1 a typo or an alias?  If a typo, I'd change  
> that to timo and see if that works.
>
> =G=
>
> -----Original Message-----
> From: Timo Wendt [mailto:twendt at online.de]
> Sent: Thursday, April 20, 2006 3:48 PM
> To: Galen Johnson
> Cc: sudo-users at sudo.ws
> Subject: Re: [sudo-users] sudo and groups
>
> User timo does have execute permissions, it's his own file and
> permissions are 740. dir2 is also his own and therefore no problem.
> Due to his primary group shadow dir1 is also no problem. And all this
> works as designed without sudo if timo executes the command. Here is
> my sudoers entry:
>
> timo1 ALL= (ALL) NOPASSWD: /tmp/dir1/dir2/cmd
>
> It actually works fine if he tries to execute this as root by
> running: sudo /tmp/dir1/dir2/cmd
>
>
>
> On 20.04.2006 at 21:38, Galen Johnson wrote:
>
>> I doubt this is a sudo problem...this is a unix permission
>> problem.  Chmod dir2 to 750 and the command to 750...in order to
>> traverse a directory, you have to have execute privs on it.  I'm
>> surprised it works at all.  Of course, it would help to see the
>> related sudoers entry for the user and command in question.
>>
>> =G=
>>
>> -----Original Message-----
>> From: sudo-users-bounces at courtesan.com [mailto:sudo-users-
>> bounces at courtesan.com] On Behalf Of Timo Wendt
>> Sent: Thursday, April 20, 2006 1:53 PM
>> To: sudo-users at sudo.ws
>> Subject: [sudo-users] sudo and groups
>>
>> Hi,
>>
>> I have the following setup:
>>
>> drwxr-x--- 3 root shadow 4096 20. Apr 19:31 dir1
>>
>> tmp/dir1:
>> insgesamt 4
>> drwxr----- 2 timo shadow 4096 20. Apr 19:32 dir2
>>
>> tmp/dir1/dir2:
>> insgesamt 4
>> -rwxr----- 1 timo shadow 13 20. Apr 19:32 cmd
>>
>> Now I allowed a user timo1 to run cmd as user timo. User timo has
>> group shadow as his primary group. It doesn't work. It is possible
>> though to run the command when logging in as user timo. Somehow sudo
>> doesn't recognize that user timo has shadow as its primary group and
>> therefore the problem is dir1. As soon as I set 755 on it, it works.
>>
>> Is this supposed to be like that or is there any option to use?
>>
>> Timo
>
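An added example, not part of the original thread and not sudo's code: a simplified model of the Unix search/execute permission check, applied to the three path components from the listing above. The numeric ids are constructed, ACLs and `/tmp` itself are not modeled, and the case of timo's uid without the shadow group is only the situation the original poster suspects, not confirmed sudo behaviour.

```python
import stat
from collections import namedtuple

# Constructed numeric ids standing in for the accounts named in the thread.
ROOT, TIMO, OTHER_USER = 0, 1000, 1002
SHADOW, USERS = 15, 100

Node = namedtuple("Node", "name uid gid mode")

def listing(dir1_mode=0o750):
    """The three path components with owners and modes from the ls output."""
    return [
        Node("dir1", ROOT, SHADOW, stat.S_IFDIR | dir1_mode),  # 0o750 = drwxr-x---
        Node("dir2", TIMO, SHADOW, stat.S_IFDIR | 0o740),      # drwxr-----
        Node("cmd", TIMO, SHADOW, stat.S_IFREG | 0o740),       # -rwxr-----
    ]

def x_allowed(node, uid, gids):
    """Search (directory) or execute (file) check; only one class applies."""
    if uid == ROOT:
        # Linux: root may search any directory, but a regular file needs
        # at least one execute bit set before root can run it.
        return stat.S_ISDIR(node.mode) or bool(node.mode & 0o111)
    if uid == node.uid:
        return bool(node.mode & stat.S_IXUSR)
    if node.gid in gids:
        return bool(node.mode & stat.S_IXGRP)
    return bool(node.mode & stat.S_IXOTH)

def first_denied(path, uid, gids):
    """Name of the first component that refuses access, or None if all pass."""
    for node in path:
        if not x_allowed(node, uid, gids):
            return node.name
    return None

if __name__ == "__main__":
    cases = [
        ("timo with group shadow", listing(), TIMO, {SHADOW}),
        ("timo's uid without shadow (assumed case)", listing(), TIMO, {USERS}),
        ("same, after chmod 755 dir1", listing(0o755), TIMO, {USERS}),
        ("another shadow member", listing(), OTHER_USER, {SHADOW}),
        ("root", listing(), ROOT, {ROOT}),
    ]
    for label, path, uid, gids in cases:
        print(f"{label:42} -> denied at: {first_denied(path, uid, gids)}")
```

On a real system, `namei -l /tmp/dir1/dir2/cmd` prints the owner, group and mode of each component for the same comparison.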



