[sudo-users] How userA can run userB's script

Erwin Hom erwin_hom at filemaker.com
Mon May 4 20:07:13 EDT 2009

Hi Todd,

I tried your recommendation but couldn't get it to work.
I'm using Mac OS X (10.5.5).

Here's what I did:

1. Created usera. Password: abc
2. Created userb. Password: xyz

3. added the following entry in /etc/sudoers:
	* Defaults:userb targetpw

4. Logged in as userb and created a shell script (echo "hello, this is  
user b!").
Set the permission of the shell script to be runnable only by the userb.
Log out.

5. Logged in as usera and attempted to execute shell script as userb  
with the following
  commandLine: "sudo -u userb userbscript.sh"

I entered userb's password when prompted.

This is the message that sudo displayed:

"usera is not in the sudoers file. This incident will be reported."

What did I do wrong? Did I miss a step along the way?

- Erwin

On Apr 28, 2009, at 7:14 AM, Todd C. Miller wrote:

> In message <20FCEE8F-485C-4227-B823-F823BBE55827 at filemaker.com>
> 	so spake  (erwin_hom):
>> There is a setting in sudoers which lets you use the target user's
>> password, i.e.
>> Defaults targetpw
>> But it seems to be a default behavioral change of 'sudo' that affects
>> every users, not just userA, right?
> Correct.  However, you can bind that option specifically to userA.
> E.g.
> Defaults:userA targetpw
> and then whenever userA runs sudo he/she will need to use the
> password of the user the command is being run as.
> - todd

More information about the sudo-users mailing list