[sudo-users] (Hopefully) quick policy question

Mihai Moldovan ionic at ionic.de
Wed Sep 27 07:48:38 MDT 2023


* On 9/27/23 01:46, Jore wrote:
> On 27/9/23 8:29 am, Mihai Moldovan wrote:
>> * On 9/26/23 20:18, Jore wrote:
>>>      test ALL = NOPASSWD: /usr/bin/bash /home/test/acme-wrapper.sh *
>>>
>>>
>>> Regardless, when test user runs:
>>>
>>> $ bash /home/test/acme-wrapper.sh foobar123.example.com
>>> /usr/bin/bash: /root/.acme.sh/acme.sh: Permission denied
>>>
>> Because you probably meant to execute sudo bash /home/test/acme-wrapper.sh
>> foobar123.example.com? :)
> 
> But I did execute that.
> 
> If you check the wrapper script, it calls '/root/.acme.sh/acme.sh' which 
> isn't being run as superuser, which is the error reported as above.
> 
> What am I doing wrong here?

You're just missing the sudo call in front to execute the script as the super
user. A/the normal user naturally wouldn't be able to execute the script in
/root/.acme.sh, as you've already correctly determined.



Mihai