[sudo-users] Odd sudo behavior: some users can, others cannot

Bob Proulx bob at proulx.com
Sat May 6 18:22:49 EDT 2006

Axley, Jason wrote:
> Host_Alias      UATAPP = appu711, appu712, appu713, appu714
> Runas_Alias     WLOGIC = weblogic, blah
> %somegroup UATAPP = (WLOGIC) /opt/weblogic/bin/script.sh
> Both users are members of somegroup and are running this on the box appu711:

Can you double check the groups that each user are really members of
with 'id' or 'groups'?  I have seen problems in other contexts where
users were not actually in the groups they were thought to be in.


I assume it works fine if you actually list the users out?

> I can't see a reason that sudo -l would list a command correctly
> that a user should be able to execute and then deny them execution
> of that command--unless there is some sort of bug lingering here.

That does seem curious.  If you could debug this further I am sure it
would be appreciated.  This is very hard to debug by inspection.
Personally I am not sure what other advice to offer.


More information about the sudo-users mailing list