[sudo-users] Stuck in Cmnd_Alias

Stier, Matthew Matthew.Stier at us.fujitsu.com
Thu Oct 6 07:26:30 MDT 2016


You need to run the 'sudo' with the command you want to run as the argument.

/usr/bin/sudo /usr/bin/yum update

The sudo command will then check its configuration files and verify you have the permissions to run the command on this host.  (The trifecta of who what and where.)


-----Original Message-----
From: sudo-users [mailto:sudo-users-bounces at sudo.ws] On Behalf Of leam hall
Sent: Thursday, October 06, 2016 7:55 AM
To: sudo-users at sudo.ws
Subject: Re: [sudo-users] Stuck in Cmnd_Alias

Matthew, sorry, I misspoke. I had some success late last night but forgot
which part worked. Coffee here is still kicking in.

This works in /etc/sudoers.d/testsudo

  testsudo        ALL = (ALL) NOPASSWD: ALL


Results:

[testsudo at shaphan ~]$ sudo su -
[root at shaphan ~]#

If I change to YUM_UPDATE:

testsudo file:

Cmnd_Alias YUM_UPDATE = /usr/bin/yum update
testsudo        ALL = YUM_UPDATE


Results:

[testsudo at shaphan ~]$ yum update
Loaded plugins: auto-update-debuginfo, fastestmirror, refresh-packagekit,
              : security, versionlock
You need to be root to perform this command.
[testsudo at shaphan ~]$ /usr/bin/yum update
Loaded plugins: auto-update-debuginfo, fastestmirror, refresh-packagekit,
              : security, versionlock
You need to be root to perform this command.


On Thu, Oct 6, 2016 at 8:45 AM, Stier, Matthew <Matthew.Stier at us.fujitsu.com
> wrote:

> How is the former working.  Are you invoking: /usr/bin/sudo /usr/bin/sudo
> su -
>
> How are the later failing?
>
>
> -----Original Message-----
> From: sudo-users [mailto:sudo-users-bounces at sudo.ws] On Behalf Of Leam
> Hall
> Sent: Thursday, October 06, 2016 7:39 AM
> To: sudo-users at sudo.ws
> Subject: [sudo-users] Stuck in Cmnd_Alias
>
> Trying to move to /etc/sudoers.d files for most everything. Having
> trouble on a CentOS 6 box. What am I missing?
>
> Thanks!
>
> Leam
> ### /etc/sudoers.d/testsudo
>
> # This works:
> testsudo       ALL = /usr/bin/sudo su -
>
> # Commenting out the above and changing to a Cmnd_Alias fails.
> Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
> Cmnd_Alias YUM_UPDATE = /usr/bin/yum update
> testsudo        ALL = SOFTWARE,YUM_UPDATE
>
> ###
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> https://www.sudo.ws/mailman/listinfo/sudo-users
>



-- 
Mind on a Mission <http://leamhall.blogspot.com/>
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
https://www.sudo.ws/mailman/listinfo/sudo-users


More information about the sudo-users mailing list