[sudo-users] How to replace default "incorrect password attempts" message
Massimo Sgaravatto - INFN Padova
massimo.sgaravatto at pd.infn.it
Sun Nov 15 09:55:02 EST 2009
Dear all
I have the following sudo use case.
I would like the following:
If user tomcat does a:
sudo -u userx cmdx
the command should be executed without being asked for a password if userx
is part of a set of "allowed users" (let's call it GOOD_ACCOUNTS) *and* if
cmdx is part of a set of "allowed commands" (let's call it GOOD_CMDS).
If instead userx is not part of GOOD_ACCOUNTS and/or cmdx is not part of
GOOD_CMDS the command should fail reporting an "Authorization failure"
message without being asked for a password
I was able to implement such a use case by setting in the sudoers:
Runas_Alias GOOD_ACCOUNTS = user1, user2, ... , usern
Cmnd_Alias GOOD_CMDS = cmd1, cmd2, ..., cmdn
tomcat ALL=(GOOD_ACCOUNTS) NOPASSWD: GOOD_CMDS
Defaults passwd_tries=0
This works
The only (cosmetic) problem is that if I specify in the sudo command a
"bad" user and/or a "bad" command, I got as error message:
incorrect password attempts
while I would prefer something different (e.g. sudo authorization error)
I tried to set badpass_message in the sudoers, but it looks like it is
only used when you type a wrong password
So is there a way to replace that default error message ?
Or are there some other (better) options to implement my use case ?
Thanks a lot, Massimo
------------------------------------------------------
Massimo Sgaravatto
INFN Sezione di Padova
Via Marzolo, 8
35131 Padova - Italy
Tel: ++39 0498275908 Fax: ++39 0498275952
E-mail: massimo.sgaravatto [at] pd.infn.it
Home page: http://www.pd.infn.it/~sgaravat
------------------------------------------------------
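An added example, not part of the original post or of sudo itself: a wrapper that queries the sudoers policy with `sudo -n -l` before running the command, so a denied user/command pair gets a custom message instead of "incorrect password attempts". The function name `run_as`, the `SUDO` override variable and the exit codes 64 and 77 are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: ask sudo's policy first, then run the command.
# SUDO is a hypothetical override hook (useful for testing); default is real sudo.
SUDO="${SUDO:-sudo}"

# run_as USER CMD [ARGS...]
# Returns 77 with a custom message when the sudoers policy denies the request,
# otherwise returns the exit status of the command run through sudo.
run_as() {
    if [ "$#" -lt 2 ]; then
        echo "usage: run_as user command [args...]" >&2
        return 64
    fi
    target_user=$1
    shift
    # -n: never prompt for a password.
    # -l with a command: exit status 0 only if the policy permits it.
    if ! "$SUDO" -n -l -u "$target_user" -- "$@" >/dev/null 2>&1; then
        echo "sudo authorization error: $1 as $target_user is not permitted" >&2
        return 77
    fi
    # sudo evaluates the policy again here; the check above only shapes the
    # error message and is not the enforcement point.
    "$SUDO" -n -u "$target_user" -- "$@"
}
```

The sudoers rules remain the only access control; the wrapper changes what the caller sees on a denial, nothing else.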