[sudo-users] issues with sudo -i or sudo -s
Sudhakar PS
Sudhakar.PS at tatatel.co.in
Thu Jun 10 06:23:49 EDT 2010
Hi
I am facing a challenge while implementing SUDO for my Oracle users.
Without any commands if I execute sudo -I -u roacle10, it takes me to
the oracle10 login. I need to restrict user with group dba admin, not
to login as oracle but to execute commands as Oracle10 user by executing
his profile. Please suggest ways. Sudoers file is also pasted below:
bash-3.00$ sudo -i -u oracle10
tcsumrpoc : oracle10 : INFOZECH : /software/ora10 >>
--> ^D
bash-3.00$ sudo -u oracle10 -i
tcsumrpoc : oracle10 : INFOZECH : /software/ora10 >>
--> ^D
bash-3.00$ sudo -u oracle10 -i
tcsumrpoc : oracle10 : INFOZECH : /software/ora10 >>
Sudoers File:
root ALL=(ALL) ALL
oracle10 ALL=(ALL) ALL
%dbaadmin ALL=(DB) ALL
%dbaadmin ALL=(oracle10) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
# Cmnd alias specification
Cmnd_Alias
SHELLS=/usr/bin/sh,/usr/bin/csh,/usr/bin/tcsh,/usr/bin/ksh,/bin/rsh,/bin
/jsh,/bin/pfcsh,/bin/pfksh,/bin/pfsh,/bin/rksh,/bin/tcsh,/bin/zsh,/bin/b
ash,/usr/bin/jsh,/usr/bin/pfcsh,/usr/bin/pfksh,/usr/bin/pfsh,/usr/bin/rk
sh,/usr/bin/tcsh,/usr/bin/zsh,/usr/bin/bash,/bin/su -,/bin/su -
root,/usr/bin/su -, /usr/bin/su - root,/bin/su ""
%sysadmin ALL=!SHELLS
%sysadmin ALL=NOEXEC: /usr/bin/vi,/usr/bin/more
%sysadmin ALL= /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
%dbaadmin ALL=!SHELLS
%dbaadmin ALL=NOEXEC: /usr/bin/vi,/usr/bin/more
========================================================================
============================
======================================
i-choose online store at www.tataindicom.com
Your Comfort.Your Convenience.YourChoice.
======================================
DISCLAIMER:
The information contained in this message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and permanently delete this message and any attachments from your system. Any dissemination, use, review, distribution, printing or copying of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change.TATATELESERVICES LTD. (including its group companies) shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. TATA TELESERVICES LTD. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference.
More information about the sudo-users
mailing list