[sudo-users] issues with sudo -i or sudo -s

Sudhakar PS Sudhakar.PS at tatatel.co.in
Thu Jun 10 06:23:49 EDT 2010



I am facing a challenge while implementing SUDO for my Oracle users.
If I execute sudo -i -u oracle10 without any command, it takes me to
the oracle10 login.  I need to restrict users in the dba admin group not
to log in as oracle but to execute commands as the oracle10 user by executing
his profile.  Please suggest ways.  The sudoers file is also pasted below:



bash-3.00$ sudo -i -u oracle10
tcsumrpoc : oracle10 : INFOZECH : /software/ora10 >>
--> ^D
bash-3.00$ sudo -u oracle10 -i
tcsumrpoc : oracle10 : INFOZECH : /software/ora10 >>
--> ^D
bash-3.00$ sudo -u oracle10 -i
tcsumrpoc : oracle10 : INFOZECH : /software/ora10 >>


Sudoers File:



root    ALL=(ALL) ALL
oracle10 ALL=(ALL) ALL

%dbaadmin       ALL=(DB) ALL
%dbaadmin       ALL=(oracle10) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

# Cmnd alias specification
sh,/usr/bin/tcsh,/usr/bin/zsh,/usr/bin/bash,/bin/su -,/bin/su - root,/usr/bin/su -, /usr/bin/su - root,/bin/su ""

%sysadmin       ALL=!SHELLS
%sysadmin       ALL=NOEXEC: /usr/bin/vi,/usr/bin/more
%sysadmin       ALL= /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root

%dbaadmin       ALL=!SHELLS
%dbaadmin       ALL=NOEXEC: /usr/bin/vi,/usr/bin/more

