[sudo-users] Users and Groups aliases?
David Barr
dafydd at dafydd.com
Fri Oct 4 11:47:20 MDT 2013
Good Morning!
I'm stuck on sudo 1.7.2p1 off of Oracle EL 5 (which is customized RHEL 5).
Looking at the sudoers man page on the host, I can create
User_Alias SERVICEACCT = svcuser
Runas_Alias SVCUSERS = user1, user2
Runas_Alias SVCGROUPS = group1, group2
Cmnd_Alias SVCCMDS = command1, command2 arguments2
But, apparently, I can't use both SVCUSERS and SVCGROUPS. If I try this:
SERVICEACCT ALL = (SVCUSERS:SVCGROUPS) NOPASSWD: SVCCMDS
with visudo, I get
visudo: Warning: unused Runas_Alias SVCGROUPS
Is that deliberate? May I only tell a service account what users it can run as?
This is related to automating some processes for the Oracle team (which is to say I don't have good visibility into exactly what they're doing). They tell me that they need to do things as oracle:oper, or oracle:dba, or grid:asmadmin, or whatever.
Thanks!
David
--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?"
Descartes ponders a moment and replies, "I think not."
And promptly disappears...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/sudo-users/attachments/20131004/0aff24ce/attachment.bin>
More information about the sudo-users
mailing list