[sudo-users] How userA can run userB's script
Erwin Hom
erwin_hom at filemaker.com
Mon May 4 20:07:13 EDT 2009
Hi Todd,
I tried your recommendation but couldn't get it to work.
I'm using Mac OS X (10.5.5).
Here's what I did:
1. Created usera. Password: abc
2. Created userb. Password: xyz
3. Added the following entry in /etc/sudoers:
* Defaults:userb targetpw
4. Logged in as userb and created a shell script (echo "hello, this is
user b!").
Set the permission of the shell script to be runnable only by userb.
Log out.
5. Logged in as usera and attempted to execute shell script as userb
with the following
commandLine: "sudo -u userb userbscript.sh"
I entered userb's password when prompted.
This is the message that sudo displayed:
"usera is not in the sudoers file. This incident will be reported."
What did I do wrong? Did I miss a step along the way?
- Erwin
On Apr 28, 2009, at 7:14 AM, Todd C. Miller wrote:
> In message <20FCEE8F-485C-4227-B823-F823BBE55827 at filemaker.com>
> so spake (erwin_hom):
>
>> There is a setting in sudoers which lets you use the target user's
>> password, i.e.
>>
>> Defaults targetpw
>>
>> But it seems to be a default behavioral change of 'sudo' that affects
>> every user, not just userA, right?
>
> Correct. However, you can bind that option specifically to userA.
> E.g.
>
> Defaults:userA targetpw
>
> and then whenever userA runs sudo he/she will need to use the
> password of the user the command is being run as.
>
> - todd
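
Added example, not part of the original message or of Todd's reply: the sudoers entry from the steps above beside a corrected form. User names are taken from the message; the script path /Users/userb/userbscript.sh is an assumption.

```sudoers
# Constructed example. Edit /etc/sudoers with visudo so syntax errors are
# caught before the file is installed.

# --- As configured in the message ---
# "Defaults:NAME" binds an option to the user who INVOKES sudo, not to the
# target user. Bound to userb, targetpw only applies when userb runs sudo.
# There is also no user specification for usera at all, which is what
# produces "usera is not in the sudoers file".
Defaults:userb targetpw

# --- Corrected ---
# Bind targetpw to the invoking user, so usera is asked for the password
# of the account the command will run as (userb).
Defaults:usera targetpw

# Authorise usera to run one specific command as userb, and nothing else.
# Commands in sudoers must be fully qualified paths (path assumed here).
usera ALL = (userb) /Users/userb/userbscript.sh

# Invocation as usera, using the same full path as the rule:
#   sudo -u userb /Users/userb/userbscript.sh
# Running "sudo -l" as usera lists what the rule grants.
```

Naming a single command in the rule, rather than `ALL`, keeps usera's access limited to that script even though usera knows userb's password at the sudo prompt.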