[sudo-users] Re : allow one user to run commands as another (ie: sudo -u other_user command) in sudoers

Ahmed Karoumi akaroumi at yahoo.com
Sun Mar 1 15:52:58 EST 2009 

----- Message transféré ----

> De : Ahmed Karoumi <akaroumi at yahoo.com>
> À : Robin Holt <holt at sgi.com>
> Envoyé le : Jeudi, 26 Février 2009, 14h21mn 03s
> Objet : Re : [sudo-users] allow one user to run commands as another (ie: sudo -u other_user command) in sudoers
> 
> ----- Message d'origine ----
> 
> > De : Robin Holt 
> > À : ivar vasara 
> > Cc : sudo-users at sudo.ws
> > Envoyé le : Dimanche, 22 Février 2009, 6h21mn 55s
> > Objet : Re: [sudo-users] allow one user to run commands as another (ie: sudo 
> -u other_user command) in sudoers
> > 
> > On Thu, Feb 19, 2009 at 04:06:07PM -0800, ivar vasara wrote:
> > > Hi all,
> > > 
> > > I've been browsing the sudo-user archives for solutions to my problem and
> > > have found a few promising recent threads, but nothing exactly what I'm
> > > looking for. The sudoers man page looks promising, but a solution is far
> > > from clear for my quandry.
> > > I would like to allow the 'www-data' user to run commands as the
> > > 'capistrano' user without requiring a password, and without dropping to
> > > capistrano's shell (ie: not using 'su'). My attempts have all failed, and so
> > > far my best guess is the following clause in /etc/sudoers :
> > > 
> > > www-data ALL=NOPASSWD: /usr/bin/sudo -u capistrano
> > > 
> > 
> > I am not sure this is what you want, but I just did
> > 
> > www-data    ALL=(ALL) NOPASSWD: /bin/su - capistrano
> > 
> > and it did what I think you are asking for.
> > 
> > Thanks,
> > Robin
> > ____________________________________________________________ 
> > sudo-users mailing list 
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
 
Example to see capistrano's crontab, try this:
www-data ALL=(capistrano) NOPASSWD: /bin/crontab -l capistrano

add this line for each command that you want to autorized with sudo privilege, 
or use Cmnd_Alias to give a list of commands:

Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm, ...
www-data ALL=(capistrano) NOPASSWD: PRINTING

Regards,
Ahmed.

More information about the sudo-users mailing list