[sudo-users] Runas Query.

Kevin Shortt kevinshortt at gmail.com
Mon Mar 19 10:46:30 EDT 2012


What does "sudo -l" say?

And another glaring question:  Why are you using sudo to run a script as
the same user?
Your error states "user tia is not allowed.." and you have the "runas" i.e
(tia) set to tia.

-Kevin



On Mon, Mar 19, 2012 at 7:13 AM, <Gary.Haden at saga.co.uk> wrote:

>
> Hi,
>
> We're getting the following message when trying to run a sudo command -
>
> Sorry, user tia is not allowed to execute
> '/saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl' as root on draco.
>
> However we want it to run as user tia (not root) and the line in the
> sudoers file reflects this -
>
> TD2GRP DRACO=(tia) /usr/local/setuids/tiadaemon2,
> /saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
>
> These are the other parameters we have in the file -
>
> Host_Alias DRACO = draco
>
> User_Alias TIAGRP = devaxs, devupg
> User_Alias ORAGRP = devaxs, devupg
> User_Alias TD2GRP = devaxs, devupg, tia
>
> Defaults !authenticate
> Defaults:TIAGRP runas_default=tia
>
> root ALL=(ALL) ALL
>
> TIAGRP DRACO=
> (tia) /saga/app/oracle/forms_gen/fgen_tia,
> /saga/app/oracle/forms_gen/fgen_tia_build,
> /saga/app/oracle/class_gen/cgen_tia_build,
> /saga/app/oracle/jar_gen/jgen_tia_build
> ORAGRP DRACO=
> (oracle) /saga/app/oracle/proc_gen/proc.shl, /saga/bin/remote_forms.sh
> oracle DRACO=
> (root) /saga/app/oracle/forms_gen/fix_fmx,
> /saga/app/oracle/forms_gen/fix_file, /saga/app/oracle/class_gen/fix_class,
> /saga/app/oracle/jar_gen/fix_jar
> TD2GRP DRACO=
> (tia) /usr/local/setuids/tiadaemon2,
> /saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
>
> Any ideas what needs to be added/removed/changed?
>
> The /usr/local/setuids/tiadaemon2 which is on the same line works and the
> only differences are in the owner and permissions so should I be changing
> these?
>
> -rwxr--r--    1 tia      dev             764 28 Jun
> 2006  /saga/opt/TIA/dev1/object/pgm/backgr/shl/F1095.shl
> -rwxr-xr-x    1 root     system         3764 16 Mar
> 08:53 /usr/local/setuids/tiadaemon2
>
> Thanks
>
> Gary.
>
>
> Please consider the environment before printing this email
> The opinions expressed in this e-mail are those of the individual and not
> necessarily the company. This e-mail and attachment[s] are confidential to
> the sender and are solely for use by the intended recipient.
>
> Saga Services Limited: Company Registration No. 732602
> Saga Publishing Limited: Company Registration No. 2152564
> The above companies are wholly owned subsidiaries of Saga Group Limited.
>
> Saga Holidays is a registered trading name of Acromas Holidays Limited:
> Company Registration No. 2174052
> Saga Shipping is a registered trading name of Acromas Shipping Limited:
> Company Registration No. 3267858
> Saga Personal Finance is a registered trading name of Acromas Financial
> Services Limited: Company Registration No. 3023493
>
> Saga Group Limited: Company Registration No. 638891
> All companies registered at: Enbrook Park, Sandgate, Folkestone, Kent CT20
> 3SE
> Saga Charitable Trust is a UK registered charity No. 291991
>
> Saga Services Limited is authorised and regulated by the Financial
> Services Authority.
> Acromas Financial Services Limited is authorised and regulated by the
> Financial Services Authority.
> Acromas Holidays Limited is an appointed representative of Automobile
> Association Insurance Services Limited which is authorised and regulated by
> the Financial Services Authority.
> Acromas Insurance Company Limited is authorised by the Financial Services
> Commission, Gibraltar.
>
> This e-mail and attachment[s] has been scanned for the presence of
> computer viruses. Saga accept no responsibility for computer viruses once
> this e-mail has been transmitted.
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>



More information about the sudo-users mailing list