[sudo-users] sudo -u issue

Carville, Stephen scarville at LANDAM.com
Mon Jun 2 16:48:05 EDT 2008


> Hi, I just had a quick question. I've been looking into how to set up
> sudo -u to allow some employees to run scripts as other users. The
> problem is, I thought what I had set up was properly done based off
> all the docs and discussions I've seen, but I cannot get it to
> recognize NOPASSWD. Whenever sudo -u is invoked it prompts me, whereas
> sudo alone does not. Here's an example of what I'm trying to do. Now in
> this example I'm restricting the groups that people can run as, but
> with or without that it does not make a difference, I still get prompted:
> 
> -----
> Cmnd_Alias SCRIPT = /usr/local/bin/script
> Runas_Alias SCRIPT_GROUPS = %11013
> 
> root ALL=(ALL) ALL
> 
> %skid ALL = (SCRIPT_GROUPS) NOPASSWD: SCRIPT
> -----

Permission to do the above is restricted to those in the local "skid" group. Are you in that group? 

As I understand the Runas_Alias, the user you want to run as (-u) must be in the group named "11013". The group must be a name, not a number.

[someone_in_skid at ALL ~]$ sudo -u <someone_in_11013> /usr/local/bin/script

(Sudo version 1.6.8p12 -- all others YMMV :-)

> Running this as myself works fine without a prompt, using -u prompts me
> even though I am in our equivalent of wheel and attached to the root
> group. I thought maybe it had something to do with the fact that I'm
> trying to run as another user, but why considering I can su - or anyone
> else without a password, and if I run the command without -u it works.
> 
> Any advice would be appreciated!

--
Stephen Carville <scarville at landam.com>
Systems Engineer
Land America
1.626.667.1450 X1326
#####################################################################
That which does not kill us often hurts us a lot.




