[sudo-users] Users and Groups aliases?
David Barr
dafydd at dafydd.com
Fri Oct 4 12:15:09 MDT 2013
Aaaaaaand, never mind.
`sudo -ll -U svcuser`
shows that the one "SERVICEACCT ALL=..." line will give me SVCUSERS and SVCGROUPS. The feature is in visudo's parser.
Thanks!
David
On Oct 4, 2013, at 10:47, David Barr <dafydd at dafydd.com> wrote:
> Good Morning!
>
> I'm stuck on sudo 1.7.2p1 off of Oracle EL 5 (which is customized RHEL 5).
>
> Looking at the sudoers man page on the host, I can create
>
> User_Alias SERVICEACCT = svcuser
> Runas_Alias SVCUSERS = user1, user2
> Runas_Alias SVCGROUPS = group1, group2
> Cmnd_Alias SVCCMDS = command1, command2 arguments2
>
> But, apparently, I can't use both SVCUSERS and SVCGROUPS. If I try this:
>
> SERVICEACCT ALL = (SVCUSERS:SVCGROUPS) NOPASSWD: SVCCMDS
>
> with visudo, I get
>
> visudo: Warning: unused Runas_Alias SVCGROUPS
>
> Is that deliberate? May I only tell a service account what users it can run as?
>
> This is related to automating some processes for the Oracle team (which is to say I don't have good visibility into exactly what they're doing). They tell me that they need to do things as oracle:oper, or oracle:dba, or grid:asmadmin, or whatever.
>
> Thanks!
> David
>
>
> --
>
> David - Offbeat http://dafydd.livejournal.com
> dafydd - Online http://pgp.mit.edu/
> Battalion 4 - Black Rock City Emergency Services Department
> Integrity*Commitment*Communication*Support
>
> ----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
>
> Rene Descartes walks into his neighborhood watering hole. The publican sees him and asks, "Will you have your usual, sir?"
>
> Descartes ponders a moment and replies, "I think not."
>
> And promptly disappears...
>
>
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
--
David - Offbeat http://dafydd.livejournal.com
dafydd - Online http://pgp.mit.edu/
Battalion 4 - Black Rock City Emergency Services Department
Integrity*Commitment*Communication*Support
----5----1----5----2----5----3----5----4----5----5----5----6----5----7--
Pavlov walks into a bar. The phone rings and he says,
"Damn! I forgot to feed the dog!"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/sudo-users/attachments/20131004/fbba5cf7/attachment.bin>
More information about the sudo-users
mailing list