[sudo-users] sudo on LDAP running commands as multiple-users

Tony G. tonysk8 at gmx.net
Mon Oct 19 21:23:11 EDT 2009


Hi, I have sudo running on OpenLDAP and found that some of the more
elaborate sudo rules are probably not working as expected. I'm wondering if
any of you have been able to solve this.

This is the rule I want to implement:
%www ALL = (www) ALL, (root) /bin/su www

On LDAP the entry is:
dn: cn=%www,ou=sudoers,dc=example,dc=com
cn: www
cn: %www
sudoHost: ALL
sudoUser: %www
objectClass: sudoRole
objectClass: top
sudoCommand: (root) /bin/su www
sudoCommand: (www) ALL

This rule does not work, but I'm able to mimic some of the functionality:
1st option, the (www) ALL part:
sudoCommand: ALL
sudoRunAs: www
*But you are not able to switch to the www user.

2nd option, the (root) /bin/su www part:
sudoCommand: /bin/su www
sudoRunAs: root
*But you are not able to run sudo as the www user.

I see that the (runas) COMMAND format is not working when I set:
sudoCommand: (root) /bin/su www
sudoRunAs: <EMPTY>

and I'm not able to run /bin/su www.

Thanks for your help in advance.

-- 
Tony
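As an added example (not from the post or from the sudo project), the following Python script takes a sudoRole like the one above, whose sudoCommand values carry a "(runas)" prefix that the LDAP backend does not interpret, and rewrites it into one role per run-as user with sudoRunAs set, which is the form the two working options in the post show. The attribute name sudoRunAs is taken from the post; the cn naming scheme for the generated roles and the simplified LDIF parser are assumptions.

```python
import re

# Constructed sample: the sudoRole from the post. sudo's LDAP backend does not
# interpret a "(runas)" prefix inside sudoCommand, so this role grants nothing.
SAMPLE_LDIF = """\
dn: cn=%www,ou=sudoers,dc=example,dc=com
cn: www
cn: %www
sudoHost: ALL
sudoUser: %www
objectClass: sudoRole
objectClass: top
sudoCommand: (root) /bin/su www
sudoCommand: (www) ALL
"""
RUNAS_RE = re.compile(r"^\(([^)]+)\)\s+(.*)$")  # matches "(user) command"

def parse_ldif(text):
    """Parse simple LDIF (no continuation lines) into a list of attribute dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip(), []).append(value.strip())
        entries.append(attrs)
    return entries

def split_runas_roles(entry):
    """Rewrite one sudoRole so no sudoCommand carries a "(user)" prefix: prefixed
    commands move to a new role per run-as user (sudoRunAs set), the rest stay."""
    rdn, _, parent = entry["dn"][0].partition(",")
    cn = rdn.split("=", 1)[1]
    # all attributes except dn/cn/sudoCommand are copied; new roles override sudoRunAs
    common = {k: v for k, v in entry.items() if k not in ("dn", "cn", "sudoCommand")}
    plain, by_user = [], {}
    for cmd in entry.get("sudoCommand", []):
        m = RUNAS_RE.match(cmd)
        if m:
            by_user.setdefault(m.group(1), []).append(m.group(2))
        else:
            plain.append(cmd)
    roles = []
    if plain:  # unprefixed commands keep the original role (and its sudoRunAs)
        roles.append({"dn": entry["dn"], "cn": entry["cn"], **common, "sudoCommand": plain})
    for user, cmds in by_user.items():  # assumed naming scheme: <cn>_runas_<user>
        new_cn = f"{cn}_runas_{user}"
        roles.append({"dn": [f"cn={new_cn},{parent}"], "cn": [new_cn], **common,
                      "sudoRunAs": [user], "sudoCommand": cmds})
    return roles
```

Feeding the sample through split_runas_roles(parse_ldif(SAMPLE_LDIF)[0]) yields one role for root restricted to /bin/su www and one for www with ALL, each still scoped to sudoUser %www and sudoHost ALL.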
