[sudo-users] Running as a user other than root

Stephen Carville stephen at totalflood.com
Thu Feb 8 11:16:00 EST 2007 

Mia Durand wrote:
> My apologies I did have that copied over incorrectly (that's what I
> get for typing instead of copy/pasting).  I did in fact have REPCHK
> all caps in the sudoers file, but still received a message that the
> user was not permitted to run repchk as root.

Of course you can't run it as root.  You've specifically restricted it 
to running as either db2sds and db2util.

> After playing with this a bit I did get it to work by using this:
> 
> Runas_Alias DB = db2sds,db2util
> 
> sds     ALL=(DB) NOPASSWD:/home/db2sds/bin/repchk
> 
> When I run it I still seem to have to use the following to get it to
> work properly though.  When logged in as db2sds, I can run repchk
> without the full path, but this is the only thing that seems to work
> so far when sudo'ing it:
> 
> sudo -u db2sds /home/db2sds/bin/repchk
> 
> Perhaps there is an environment setting, or something of that nature
> that interferes?  I'm totally guessing at that though.

sudo -u does not run the login scripts like profile and .bash_login so 
it inherits the PATH of the original login user not the runas user.  Try 
this and you'll see what I mean:

$ echo $PATH
$ sudo -u db2sds echo $PATH

> Thanks all for your suggestions.
> 
> ~Mia
> 
> Mia Durand wrote:
>> Hi all,
>> 
>> Fairly new to using sudo, and I'm trying to set up a user to run a 
>> job as a user other than root.  I included all of the syntax that I
>>  believe should work, but I'm still unable to get the command to
>> run. Here is a snippet of my sudoers file.
> 
> Cmnd_Alias is case sensitive
> 
>> User_alias DB2=sds
>> 
>> Cmnd_Alias REPCHK=/home/db2sds/bin/repchk
> ^^^^^^
> 
>> DB2 ALL=(db2sds) NOPASSWD:repchk
> ^^^^^^
> 
>> I have also tried this with:
>> 
>> DB2 ALL=(ALL) NOPASSWD:repchk
>> 
>> and also with:
>> 
>> DB2 ALL=(ALL)repchk
>> 
>> and also with:
>> 
>> DB2 ALL=(db2sds)repchk
>> 
>> But no matter what I include in the user specs I am continually
>> told that user sds is not permitted to run this command.
>> 
>> I remember hearing along the way somewhere that there may be some 
>> issue with running commands as a user other than root, but I
>> haven't been able to find anything substantial to back that up.
>> Does anyone know what I might be doing wrong, or if this possibly
>> does not work? Thanks in advance.
>> 
>> ~Mia
>> 
>> ____________________________________________________________ 
>> sudo-users mailing list <sudo-users at sudo.ws> For list information, 
>> options, or to unsubscribe, visit: 
>> http://www.sudo.ws/mailman/listinfo/sudo-users
> 
> 
> 
> ____________________________________________________________ 
> sudo-users mailing list <sudo-users at sudo.ws> For list information,
> options, or to unsubscribe, visit: 
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list