[sudo-users] Can't execute commands
Russell Van Tassell
russell+sudo-users at loosenut.com
Fri Feb 3 14:05:04 EST 2006
On Fri, Feb 03, 2006 at 08:37:51AM -0600, Mark F wrote:
> ADMIN ALL=(ALL) NOPASSWD: CMD_SYSTEM
> ADMIN APPSERVER=(ALL) NOPASSWD: CMD_APPSERV
> ADMIN DCTM=(DMADMIN) NOPASSWD: CMD_DCTM
> ADMIN FAST=(DMADMIN) NOPASSWD: CMD_DCTM_IDX
> # Repository Staff
> RUSERS ALL=(ALL) /bin/change_password
> TOMCAT APPSERVER=(ALL) CMD_TOMCAT_BOUNCE
> RUSERS DCTM=(DMADMIN) CMD_DCTM
> RUSERS FAST=(DMADMIN) CMD_DCTM_IDX
>
> I'm a member of ADMIN and RUSERS and the host is APPSERVER yet I'm only
> able to execute the commands in the first ADMIN line and the first
> RUSERS line. The ones with ALL=(ALL)
>
> Any idea why this could be?

Well, the first thing I notice there is that all host lines except the
first ADMIN and RUSERS are set for alternate hosts or groups of hosts,
whereas the other is set for ALL. My guess is that your Host_Alias
lines are not correct -- you can probably prove this by temporarily
swapping out the host specification (i.e. comment the line) for something
a little less specific.

One of the troubleshooting pieces I find helpful is to include a
"harmless" line in the sudoers to troubleshoot the networks (esp. since
many sysadmins can have trouble with CIDR blocks, the (my) preferred way
of delineating the hosts). For you, I'd suggest adding something such
as this to the bottom of your sudoers file -- at least temporarily (i.e.
until you get the hosts working, then comment it out):

    ALL APPSERVER = (nobody) "/bin/echo This is APPSERVER"
    ALL DCTM = (nobody) "/bin/echo This is DCTM"
    ALL FAST = (nobody) "/bin/echo This is FAST"

...with that, your host(s) should basically identify itself when you
execute "sudo -l" on it -- if not, something's most likely still wrong
with the Host_Alias.

Hope that helps...

Russell M. Van Tassell
russell at loosenut.com
The shoe that fits one person pinches another; there is no recipe for
living that suits all cases. - Carl Jung
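
An added example, not part of the original message and not sudo's own code: an offline check of which Host_Alias entries a host would fall into, useful when "sudo -l" shows fewer rules than expected. The Host_Alias lines, host names and addresses are constructed (the thread never shows the real ones), and the matching is a simplified model: no netgroups, no line continuations, and every network needs an explicit mask.

```python
import fnmatch
import ipaddress
import re

# Constructed sample: the thread never shows the real Host_Alias lines.
SAMPLE_SUDOERS = """\
Host_Alias APPSERVER = app01.example.com, 10.1.2.0/24
Host_Alias DCTM = dctm*, !dctm-test
Host_Alias FAST = 10.1.3.0/255.255.255.0
"""

def parse_host_aliases(text):
    """Return {alias: [members]}; one alias per line, no continuations."""
    aliases = {}
    for line in text.splitlines():
        m = re.match(r"\s*Host_Alias\s+(\w+)\s*=\s*(.+)", line.split("#")[0])
        if m:
            aliases[m.group(1)] = [h.strip() for h in m.group(2).split(",")]
    return aliases

def member_matches(member, hostname, fqdn, addrs, use_fqdn):
    """Does one alias member (name, glob, IP or network) match this host?"""
    try:
        net = ipaddress.ip_network(member, strict=False)
        return any(ipaddress.ip_address(a) in net for a in addrs)
    except ValueError:
        pass  # not an address or network, so treat it as a host name
    long_name = (fqdn if use_fqdn else hostname).lower()
    # Members containing a dot are compared with the long name, others with the short one.
    target = long_name if "." in member else long_name.split(".")[0]
    return fnmatch.fnmatchcase(target, member.lower())

def matching_aliases(text, hostname, fqdn, addrs, use_fqdn=False):
    """Aliases this host belongs to; a later member overrides earlier ones."""
    hits = []
    for alias, members in parse_host_aliases(text).items():
        result = False
        for member in members:
            negate = member.startswith("!")
            if member_matches(member.lstrip("! "), hostname, fqdn, addrs, use_fqdn):
                result = not negate
        if result:
            hits.append(alias)
    return hits

if __name__ == "__main__":
    # Short host name and an address outside every listed network: no alias matches.
    print(matching_aliases(SAMPLE_SUDOERS, "app01", "app01.example.com", ["10.1.20.5"]))
```

In this constructed case the host fails APPSERVER twice over: its name is listed fully qualified while the host reports a short name, and its address sits in 10.1.20.0/24 rather than the listed 10.1.2.0/24.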