[sudo-users] Sudo Run As Issue.

[Gary.Haden at saga.co.uk]

__________________

Hi,

I have an issue when trying to add to the sudoers file to get a user to run
commands as another -

In my sudoers file I have the following which works ok -

Host_Alias DRACO = draco
User_Alias TIAGRP = devaxs
Defaults !authenticate
Defaults:TIAGRP runas_default=tia
TIAGRP DRACO=
(tia) /saga/app/oracle/forms_gen/fgen_tia, /saga/app/oracle/forms_gen/fgen_tia_build, /saga/app/oracle/class_gen/cgen_tia_build, /saga/app/oracle/jar_gen/jgen_tia_build

This allows devaxs to run certain scripts as the user tia without asking
for a password.

Now, I also want devaxs to run some commands as the user oracle so I have
added the following -

User_Alias ORAGRP = devaxs
Defaults:ORAGRP runas_default=oracle
ORAGRP DRACO=(oracle) /saga/app/oracle/proc_gen/proc.shl

Note - I've put devaxs into a XXXGRP User_Alias as eventually we will also
want other users to do the same tasks.

However now I get the message -

Sorry, user devaxs is not allowed to execute
'/saga/app/oracle/forms_gen/fgen_tia
qvers /saga/opt/TIA/dev/users/devaxs/source devaxs tiadev
mona /saga/opt/MONA/fmx BATCH=YES' as oracle on draco.

The problem is that fgen_tia is in the TIAGRP section to run as tia, so I
don't want it to run as oracle anyway, and looking at the file, haven't
asked it to do so.

So I tried the following -

TIAGRP DRACO=
(tia) /saga/app/oracle/forms_gen/fgen_tia, /saga/app/oracle/forms_gen/fgen_tia_build, /saga/app/oracle/class_gen/cgen_tia_build, /saga/app/oracle/jar_gen/jgen_tia_build,

(oracle) /saga/app/oracle/proc_gen/proc.shl

This to me says run most of the commands as tia but proc.shl as oracle.
When I ran this though I got -

Sorry, user devaxs is not allowed to execute
'/saga/app/oracle/proc_gen/proc.shl devaxs tiadev ASTrace.pc none ASTrace.c
select_error=no hold_cursor=yes release_cursor=no lines=yes ireclen=132
oreclen=132 code=ansi unsafe_null=yes mode=oracle dbms=v7 parse=none
userid=sdddba/sg95sdddba at DBADEV_DRACO sqlcheck=semantics
include=/saga/app/oracle/product/11.2.0.3/precomp/public
include=/saga/app/oracle/product/11.2.0.3/precomp/lib
include=/saga/app/oracle/product/11.2.0.3/lib
include=/saga/opt/TIA/dev/users/devaxs/source
include=/saga/opt/TIA/dev/users/devaxs/source/tmp11141140' as tia on draco.

Again, this isn't carrying out what I asked it to do.

Any ideas? We are new to this version (1.8.3) but it's all seems logical of
what you are asking to do, but it doesn't seem to be doing it.

Thanks


Please consider the environment before printing this email
The opinions expressed in this e-mail are those of the individual and not necessarily the company. This e-mail and attachment[s] are confidential to the sender and are solely for use by the intended recipient.

Saga Services Limited: Company Registration No. 732602
Saga Publishing Limited: Company Registration No. 2152564
The above companies are wholly owned subsidiaries of Saga Group Limited.

Saga Holidays is a registered trading name of Acromas Holidays Limited: Company Registration No. 2174052
Saga Shipping is a registered trading name of Acromas Shipping Limited: Company Registration No. 3267858
Saga Personal Finance is a registered trading name of Acromas Financial Services Limited: Company Registration No. 3023493

Saga Group Limited: Company Registration No. 638891
All companies registered at: Enbrook Park, Sandgate, Folkestone, Kent CT20 3SE
Saga Charitable Trust is a UK registered charity No. 291991

Saga Services Limited is authorised and regulated by the Financial Services Authority.
Acromas Financial Services Limited is authorised and regulated by the Financial Services Authority.
Acromas Holidays Limited is an appointed representative of Automobile Association Insurance Services Limited which is authorised and regulated by the Financial Services Authority.
Acromas Insurance Company Limited is authorised by the Financial Services Commission, Gibraltar.

This e-mail and attachment[s] has been scanned for the presence of computer viruses. Saga accept no responsibility for computer viruses once this e-mail has been transmitted.