[sudo-users] issues with sudo -i or sudo -s
aaron.lewis1989 at gmail.com
Thu Jun 10 10:14:45 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 06/10/2010 09:03 PM, Sudhakar PS wrote:
> Hi Mark
> Thanks for the guidance.
> I am facing one issue.
> dbaadmin$ sudo -u oracle10 <some_command>, while executing this command, I would like the profile of oracle10 to be executed along with the command. It tells me command not found etc. I need to manually execute the profile file. I have multiple oracle versions installed on a single server, require the account profile to be executed along with the sudo -u <oraclex> <command>. Let me know if I have some solution / workaround.
Maybe `evn_keep' will help ?
Looks like some environment variable is not passed to your shell.
> -----Original Message-----
> From: Mark Janssen [mailto:maniac.nl at gmail.com]
> Sent: Thursday, June 10, 2010 5:55 PM
> To: Sudhakar PS
> Cc: sudo-users at sudo.ws
> Subject: Re: [sudo-users] issues with sudo -i or sudo -s
> On Thu, Jun 10, 2010 at 12:23 PM, Sudhakar PS <Sudhakar.PS at tatatel.co.in> wrote:
>> Sudoers File:
>> oracle10 ALL=(ALL) ALL
>> %dbaadmin ALL=(DB) ALL
>> %dbaadmin ALL=(oracle10) ALL
> This gives everyone in group dbaadmin full root access... they sudo to
> oracle10, start a shell, and sudo to root ;P
> Only the ALL=(oracle10) line should be enough...
> dbaadmin$ sudo -u oracle10 <some_command>
> is the command your users should use to run something as oracle10
>> sh,/usr/bin/tcsh,/usr/bin/zsh,/usr/bin/bash,/bin/su -,/bin/su -
>> root,/usr/bin/su -, /usr/bin/su - root,/bin/su ""
>> %sysadmin ALL=!SHELLS
> Negations don't work as you would expect... people can make a symlink
> to a shell and start that, or they can start vi, and use a
> They can write their own script, which runs a shell, and start that.
>> %sysadmin ALL=NOEXEC: /usr/bin/vi,/usr/bin/more
> You should make NOEXEC a default, and !NOEXEC the specific commands
> that NEED it.
>> %sysadmin ALL= /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
> Second bit doesn't work as expected either...
>> %dbaadmin ALL=!SHELLS
>> %dbaadmin ALL=NOEXEC: /usr/bin/vi,/usr/bin/more
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4r0n on freenode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the sudo-users