[sudo-users] give user ability to run cmd as root or to su to a list of users

[Beck, Joseph]

there's about 10 different roles that our tuxedo processes run as & I
need the wily user to be able monitor these.

So, we need to cron a bunch of different jobs.

 

The monitor script is extensive and was written by our tuxedo admin

 

There's a wrapper script to call Monitor.sh:

su $1 -c "/apps/wily/epagent/epaplugins/quartz/Monitor.sh $1"

 

Due to numerous access of logs reasons the monitor script must run as
the various roles

I'm not sure if I should set up a sudo rule to allow wily to run
anything in 

/apps/wily/epagent/epaplugins/quartz/

As root with nopasswd set

 

Or if I should create a rule giving the wily user the ability to su to a
set list of users & not require a password.

 

Either way, I'm not sure the correct syntax & I'm wondering what the
better approach is.

 

 


Here's a few things I've tried, but keep getting prompted for passwords:

# steve         CSNETS = (operator) /usr/local/op_commands/

# wily          SERVERS = (root) /apps/wily/epagent/epaplugins/quartz/

# wily          ALL (root) /usr/bin/su ALL

wily            SERVERS = (root) NOPASSWD:
/apps/wily/epagent/epaplugins/quartz/

 

Joe Beck Ciber Inc. - a consultant to SEI  One Freedom Valley Drive |
Oaks, PA 19456 | p: 610.676.2258 | jbeck at seic.com