[sudo-users] Odd sudo behavior: some users can, others cannot
bob at proulx.com
Sat May 6 18:22:49 EDT 2006
Axley, Jason wrote:
> Host_Alias UATAPP = appu711, appu712, appu713, appu714
> Runas_Alias WLOGIC = weblogic, blah
> %somegroup UATAPP = (WLOGIC) /opt/weblogic/bin/script.sh
> Both users are members of somegroup and are running this on the box appu711:
Can you double check the groups that each user are really members of
with 'id' or 'groups'? I have seen problems in other contexts where
users were not actually in the groups they were thought to be in.
I assume it works fine if you actually list the users out?
> I can't see a reason that sudo -l would list a command correctly
> that a user should be able to execute and then deny them execution
> of that command--unless there is some sort of bug lingering here.
That does seem curious. If you could debug this further I am sure it
would be appreciated. This is very hard to debug by inspection.
Personally I am not sure what other advice to offer.
More information about the sudo-users