sudo won't work in shell script

[phroumb]

Hi all,
I am trying to stop IBM Websphere Application Server using sudo utility in Linux:

sudo <WAS_HOME>/profiles/AppSrv01/bin/stopServer.sh server1 -username <uid> -password <passwd>

While running the above sudo command works perfectly from command line as user <Me>, when I put the same command into a shell script and try to run it as <Me> returns the following (Websphere security specific) error:

ADMU0128I: Starting tool with the AppSrv01 profile
ADMU3100I: Reading configuration for server: server1
ADMU0111E: Program exiting with error: javax.management.JMRuntimeException:
ADMN0022E: Access is denied for the stop operation on Server MBean
because of insufficient or empty credentials.
ADMU4113E: Verify that username and password information is correct. If
running tool from the command line, pass in the correct -username
and -password. Alternatively, update the <conntype>.client.props
file.

Also, here is a fraction of my sudoers file:

<Me> ALL= NOPASSWD: <WAS_HOME>/profiles/AppSrv01/bin/stopServer.sh

If this can help, I also post the relative log messages from /var/log/messages when I run the specific script:

Nov 5 15:17:08 linux-1 su: (to <Me>) root on /dev/pts/1
Nov 5 15:18:05 linux-1 sudo: <Me> : TTY=pts/1 ; PWD=/home/<Me>/bin ; USER=root ; COMMAND=<WAS_HOME>/profiles/AppSrv01/bin/stopServer.sh server1 -username <uid> -password <passwd>

Any help in resolving this would be appreciated.

Thanks in advance

[rhyker]

have a similar issue here on AIX server, a solution would be greatly appreciated

[phroumb]

I accidentally found that there was a problem with the parsing of the script file. Try creating another script file, put only the sudo command inside and run it.
You can optionally stop the WAS first and run a sudo script only with startServer.sh (that does not require uid,password).
If this works (it starts WAS) then change the startServer command to stopServer and it should work.

[rhyker]

it's a live production environment, I can't just shutdown the WAS server.

What specifically went wrong in your situation?

I dunno much about WebSphere, but what I did find out is that the soap.client.props has the required username and password credentials.

My bets are on sourcing the wasadm profile in the cronjob. Although I doubt it will have much effect. The weird thing is when I execute the script from the commandline it works like a charm. Only the cronjob fails horribly.

Any thoughts?

[phroumb]

So you actually are able to run the sudo-stopWAS command as a script but the problem was on running the script as cron job. Right?

Can you give any logs?

Also check again sudoers file for NOPASSWD property on stopWAS.sh command. Additionally check that you have given the right full path for this command into sudoers.