[sudo-users] NOPASSWD: fails when using -i option
Marcel Kuiper
sudo at mknet.nl
Tue Jul 3 05:34:06 EDT 2012
Hi
I have the following in my sudoers to run a shellscript as some other account
%mygrp ALL=(otheruser) NOPASSWD: /path/to/script.sh
This works fine if I run:
sudo -u otheruser /path/to/script.sh
However if I add the -i option to the command sudo will ask for my
password. I can see with debugging turned on that the command now is
/bin/sh instead of /path/to/script.sh and indeed if I set /bin/sh as the
command in sudoers it will work without having to enter a password.
However this allows me to execute all commands with the -i option, not
just the specific script.
Is it intentional that with the -i option the command checked is the
user's shell instead of the command in sudoers? If so, what is the
reasoning behind that?
Thnx
Regards
Marcel
More information about the sudo-users
mailing list