[sudo-users] Same U/N - different UID's -- trying to use sudo inscripts across subnets.

Peter Farrell peter.d.farrell at gmail.com
Tue Dec 19 14:34:52 EST 2006 

On 19/12/06, Galen Johnson <Galen.Johnson at sas.com> wrote:
> Does the nagios user share a numeric ID on the server that prompts you?  Unix doesn't care about the name so much as the numeric ID associated with it.
>

The nagios users on both servers have different UIDs.
So: SERVER-A::nagios::501 >>> SERVER-B::nagios::731 sudo amcheck [FAIL]

They'll have to have the same UID's for this to work right?

-Peter


> As for the NOPASSWD on a specific command, you should be able to use the full path to amcheck.  I generally prefer to use command aliasesso as an example:
>
> Runas_Alias     AMUSER=amanda
> Command_Alias   AMANDA=/path/to/amcheck
>
> nagios ALL=NOPASSWD:(AMUSER)AMANDA
>
> Unless you need amcheck to run as root, substitute (root) for (AMUSER).
>
> =G=
>
> -----Original Message-----
> From: sudo-users-bounces at courtesan.com [mailto:sudo-users-bounces at courtesan.com] On Behalf Of Peter Farrell
> Sent: Tuesday, December 19, 2006 10:53 AM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] Same U/N - different UID's -- trying to use sudo inscripts across subnets.
>
> Hi.
>
> I'm trying to get my nagios user to run an AMANDA 'amcheck' command via a python check script.
>
> Works fine on the backup server.
> Will not work across the network. (It always prompts for the password)
>
> The only difference is that the usernames are the same (nagios) but their UID's (calling sudo) on each server are different.
>
> I used this on the target server:
> nagios ALL=NOPASSWD:ALL
>
> *couldn't figure out how to use 'NOPASSWD' and a specific command (in this case 'amcheck' - didn't know if because it is an SUID file that that would pose a problem.)
>
> ================
> all FC4 / sudo-1.6.8p8-2.2
> ================
>
> My question to the list is two-fold:
>
> 1. Am I correct in the reason that it won't work?
> 2. Is there a work-around? (Aside from changing the UID's on both servers to match?)
>
> -thank you.
>
> -Peter
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>

More information about the sudo-users mailing list