[sudo-users] Running as a user other than root
stephen at totalflood.com
Thu Feb 8 11:16:00 EST 2007
Mia Durand wrote:
> My apologies I did have that copied over incorrectly (that's what I
> get for typing instead of copy/pasting). I did in fact have REPCHK
> all caps in the sudoers file, but still received a message that the
> user was not permitted to run repchk as root.
Of course you can't run it as root. You've specifically restricted it
to running as either db2sds and db2util.
> After playing with this a bit I did get it to work by using this:
> Runas_Alias DB = db2sds,db2util
> sds ALL=(DB) NOPASSWD:/home/db2sds/bin/repchk
> When I run it I still seem to have to use the following to get it to
> work properly though. When logged in as db2sds, I can run repchk
> without the full path, but this is the only thing that seems to work
> so far when sudo'ing it:
> sudo -u db2sds /home/db2sds/bin/repchk
> Perhaps there is an environment setting, or something of that nature
> that interferes? I'm totally guessing at that though.
sudo -u does not run the login scripts like profile and .bash_login so
it inherits the PATH of the original login user not the runas user. Try
this and you'll see what I mean:
$ echo $PATH
$ sudo -u db2sds echo $PATH
> Thanks all for your suggestions.
> Mia Durand wrote:
>> Hi all,
>> Fairly new to using sudo, and I'm trying to set up a user to run a
>> job as a user other than root. I included all of the syntax that I
>> believe should work, but I'm still unable to get the command to
>> run. Here is a snippet of my sudoers file.
> Cmnd_Alias is case sensitive
>> User_alias DB2=sds
>> Cmnd_Alias REPCHK=/home/db2sds/bin/repchk
>> DB2 ALL=(db2sds) NOPASSWD:repchk
>> I have also tried this with:
>> DB2 ALL=(ALL) NOPASSWD:repchk
>> and also with:
>> DB2 ALL=(ALL)repchk
>> and also with:
>> DB2 ALL=(db2sds)repchk
>> But no matter what I include in the user specs I am continually
>> told that user sds is not permitted to run this command.
>> I remember hearing along the way somewhere that there may be some
>> issue with running commands as a user other than root, but I
>> haven't been able to find anything substantial to back that up.
>> Does anyone know what I might be doing wrong, or if this possibly
>> does not work? Thanks in advance.
>> sudo-users mailing list <sudo-users at sudo.ws> For list information,
>> options, or to unsubscribe, visit:
> sudo-users mailing list <sudo-users at sudo.ws> For list information,
> options, or to unsubscribe, visit:
More information about the sudo-users