[sudo-users] executing with different user environment

Todd C. Miller Todd.Miller at courtesan.com
Fri Mar 15 14:20:10 MDT 2013


On Fri, 15 Mar 2013 12:42:13 -0400, Matt Williams wrote:

> I would like to allow all members in the %devops group to execute certain
> knife commands as the chef user. I've dropped a sudo file in the
> /etc/sudoers.d/chef that contains the following:
> 
> Defaults:%devops env_reset
> 
> %devops ALL=(chef) NOPASSWD:/usr/bin/knife

It looks like that should work.  I did a quick test with sudo 1.7.2p1
and as long as I use the -H flag $HOME gets set appropriately.

> Then, as a user that is a member of the devops group, I get this:
> 
> $ sudo -H -u chef knife node list
> WARNING: No knife configuration file found
> 
> Note that knife will look in $HOME/.chef/knife.rb before looking in
> /etc/chef so it needs to be hitting /home/chef/.chef/knife.rb. I then
> execute this as a sanity check:
> 
> $ sudo -H -u chef echo $HOME  #my user is also a member of %sysadmin group,
> which has ALL=(ALL)
> /home/mattw

$HOME may be expanded by your shell before sudo is run.  A better
test would be:

$ sudo -H -u chef printenv HOME

 - todd
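As an added illustration of the point in Todd's reply (not part of the original thread, and not sudo's own code), the script below reproduces the pitfall without root by using env(1) in place of "sudo -H -u chef": the calling shell expands $HOME before the new command is even started, so `echo $HOME` reports the caller's home no matter what the child environment contains, while `printenv HOME` reads the environment the child actually received. /home/chef is a constructed placeholder for the chef user's home directory.

```shell
#!/bin/sh
# Added example, not from the original thread. env(1) stands in for
# "sudo -H -u chef" so this runs unprivileged; /home/chef is a constructed
# placeholder for the target user's home directory.

TARGET_HOME=/home/chef

# Reproduces the misleading check from the thread:
#   sudo -H -u chef echo $HOME
# The caller's shell expands $HOME before env (or sudo) is executed, so the
# argument already holds the caller's home and the rewritten environment is
# never consulted. Returns the caller's HOME, not $TARGET_HOME.
home_preexpanded() {
    env HOME="$TARGET_HOME" echo "$HOME"
}

# Todd's recommended check: printenv reads its own process environment,
# which env (or sudo -H) has already rewritten. Returns /home/chef.
home_printenv() {
    env HOME="$TARGET_HOME" printenv HOME
}

# Same result with a shell builtin: single quotes defer the expansion to a
# shell that starts inside the new environment, so knife-style programs that
# consult $HOME themselves see the same value this reports.
home_quoted_shell() {
    env HOME="$TARGET_HOME" sh -c 'echo "$HOME"'
}

# Compares a reported home against the intended one; handy when scripting a
# sanity check of an env_reset / -H setup like the one in the thread.
check_matches() {
    if [ "$1" = "$TARGET_HOME" ]; then
        echo ok
    else
        echo MISMATCH
    fi
}

printf 'echo $HOME (pre-expanded) : %s -> %s\n' \
    "$(home_preexpanded)" "$(check_matches "$(home_preexpanded)")"
printf 'printenv HOME             : %s -> %s\n' \
    "$(home_printenv)" "$(check_matches "$(home_printenv)")"
printf "sh -c 'echo \$HOME'        : %s -> %s\n" \
    "$(home_quoted_shell)" "$(check_matches "$(home_quoted_shell)")"
```

The first line prints the caller's own home directory and MISMATCH; the other two print /home/chef and ok. With real sudo the same rule applies: only the -H flag (or the equivalent sudoers options) makes sudo set HOME to the target user's directory, and only a check that runs inside the sudo-spawned process, such as `sudo -H -u chef printenv HOME`, can tell whether that happened.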