[sudo-users] special sudo definition assistance

Dagg Stompler daggs at gmx.com
Tue Aug 21 15:11:16 EDT 2012

Hello to all,

 I have a special scenario that I need to work with and I thought using sudo for that.

I have two files, executor an executor.db in ~ateam_boss. executor updates the content executor.db and both files are 775 and of user and group ateam_boss.

 I have a couple of users in group ateam which need to run executor, the issue is, that I need to run executor as part of group ateam_boss to be able to update the db file a as the SUDO_USER because executor is an SDL program and it doesn't work on user ateam_boss.

 I've tried the following entries:
 %ateam ALL = NOPASSWD: /home/ateam_repo/executor
 %ateam ALL =(%ateam_boss) NOPASSWD: /home/ateam_repo/executor

 but it didn't worked, I got this far:
 dagg at NCC-5001-D ~ $ sudo -u ${USER} -g ateam_boss /home/ateam_repo/executor
 Sorry, user dagg is not allowed to execute '/home/ateam_repo/executor' as dagg:ateam_boss on NCC-5001-D.
 dagg at NCC-5001-D ~ $ sudo -u ${USER} /home/ateam_repo/executor
 Sorry, user dagg is not allowed to execute '/home/ateam_repo/executor' as dagg on NCC-5001-D.

 is it possbile to do what need? if so, what am I doing wrong?


More information about the sudo-users mailing list