SUMMARY: Sudoers error (not allowed to execute the command)

From: vijay (vk_sol@yahoo.com)
Date: Wed May 29 2002 - 09:11:26 EDT


Hi All,

Thanks to everyone who replied.
Pierre
Jason
Matthew

I have two scenarios:

1) Two users, x and z. Give su permission to x for user z only, so that x can su only to z.

Add the following line to sudoers:

X ALL = (root) /usr/bin/su - z

OR

Host_Alias MYSVR = myserver
Cmnd_Alias SU = /usr/bin/su - z
X MYSVR = (root) SU

x must use - with the su command. See the few lines from a mail which I received from Pierre:

> su without - is useless in your case.
> It would be the same as: sudo -s z
> (which starts a shell with z1 ownership). su - z starts a shell and executes all the profiles (setting the environment vars) of z, but if you really want to have su without -, then you have to define it in sudoers:
>
> X ALL = (root) /bin/su - z, /bin/su z
>
> (root) is valid for both commands. Note that sudo will only grant permissions for commands which exactly match the definition in your sudoers file.

Now, if you want user x to be able to execute any command as z, then add the following lines:

Defaults:x set_home,runas_default=z
x ALL = (z) ALL

x should then call: sudo or sudo -s
x can run ALL progs as z on ALL systems. (ie: sudo -u z /bin/ls)
This has the advantage of logging all actions.
Substituting the '-s' option gives a shell as that user. (ie: sudo -u z -s)
Adding the '-H' option also sets HOME to z's home directory. (ie: sudo -u z -s -H)

2) There are two groups, x and y. In group x I have three users u1, u2, u3. In group y I have five users z1, z2, z3, z4, z5. Now in this case any user of group x should be able to su to any member of group y.

Add the following lines to the sudoers file.

# User aliases
User_Alias X = u1,u2,u3

# Runas alias specification
User_Alias y = z1, z2, z3, z4, z5

# Host aliases
Host_Alias MYSVR = myserver

# Command aliases
Cmnd_Alias SU=/usr/bin/su - z1, /usr/bin/su - z2, /usr/bin/su - z3,....
OR
Cmnd_Alias SU=/usr/bin/su - z*

# Override builtin defaults
Defaults:X set_home,runas_default=y
OR
Defaults:X !authenticate

# User specifications
X MYSVR=(root) SU

Once again, thanks for giving your time.
Regards,
Vijay

Original Post:

I am using Solaris 2.6. Installed Sudoers version 1.6.3p7. I have two users x and y. Now I want to give su permission to x user for only y user. So x should su only to y.

So I added the following line in sudoers:

x ALL = /usr/bin/su y

But that didn't work. It still gives me the following error:
Sorry x is not allowed to execute "/usr/bin/su y " as root on Server.
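
Pierre's point that sudo only grants commands which exactly match the sudoers definition, and the reach of the `su - z*` wildcard entry, can be checked with a simplified model of sudoers argument matching. This is an added example, not part of the original mail and not sudo's own code; the functions `parse_cmnd`, `allowed` and `audit` and the account name `zbackup` are hypothetical, and command paths are assumed to be compared literally.

```python
# Simplified model of how sudoers matches a command line against a Cmnd entry.
# Assumption: paths are compared literally; arguments are matched as one
# space-joined string with shell-style wildcards, as the sudoers manual describes.
from fnmatch import fnmatchcase
import shlex


def parse_cmnd(entry):
    """Split one Cmnd entry into (path, argument pattern or None)."""
    parts = entry.strip().split(None, 1)
    return parts[0], (parts[1].strip() if len(parts) > 1 else None)


def allowed(entry, command_line):
    """True if command_line matches the single sudoers Cmnd entry."""
    path, pattern = parse_cmnd(entry)
    argv = shlex.split(command_line)
    if not argv or argv[0] != path:
        return False
    given = " ".join(argv[1:])
    if pattern is None:          # no arguments listed: any arguments accepted
        return True
    if pattern == '""':          # "" listed: only the bare command accepted
        return given == ""
    return fnmatchcase(given, pattern)   # '*' also matches across spaces


def audit(cmnd_alias, command_lines):
    """Map each command line to whether any entry of the alias permits it."""
    entries = cmnd_alias.split(",")
    return {c: any(allowed(e, c) for e in entries) for c in command_lines}


# Entries taken from the mail; the invocations are constructed test input.
EXACT = "/usr/bin/su - z"
BOTH = "/bin/su - z, /bin/su z"
WILD = "/usr/bin/su - z*"

if __name__ == "__main__":
    tries = ["/usr/bin/su - z", "/usr/bin/su z", "/usr/bin/su - z3",
             "/usr/bin/su - zbackup", "/usr/bin/su - root"]
    for name, alias in (("EXACT", EXACT), ("WILD", WILD)):
        for cmd, ok in audit(alias, tries).items():
            print(f"{name:5} {cmd:24} {'allowed' if ok else 'denied'}")
```

Listing each target account explicitly, as the first Cmnd_Alias form in the mail does, keeps the rule from covering accounts outside z1 to z5 whose names also begin with z.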



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:23 EDT