- 07-06-2010 #1
sudo not working correctly
Hello, I recently added the following lines to the /etc/sudoers file on a RHEL5 server. The only other entries in the file are for the sysadmins to be able to run any command as root without a password (i.e. sysadmin_user ALL=NOPASSWORD: ALL)
# deploy aliases for app servers
User_Alias DEPLOYERS = deploy_user
Cmnd_Alias DEPLOYCOMMANDS = /application/project/deploy/cache/deploy-*-to-*/*/scripts/bin/deploy-jboss.sh
# deploy rule for app servers
DEPLOYERS ALL=(jboss_user) NOPASSWD: DEPLOYCOMMANDS
I run /usr/sbin/visudo -c and it parses OK, and when I switch to the deploy_user and run sudo -l I get the following output:
User deploy_user may run the following commands on this host:
(jboss_user) NOPASSWD: /application/project/deploy/cache/deploy-*-to-*/*/scripts/bin/deploy-jboss.sh
When I actually try to run a command, I get the following:
sudo -u jboss_user /application/project/deploy/cache/deploy-foo-to-env/12/scripts/bin/deploy-jboss.sh
Password:
Sorry, user deploy_user is not allowed to execute '/application/project/deploy/cache/deploy-foo-to-env/12/scripts/bin/deploy-jboss.sh' as jboss_user on local_host.domain.com
Is there a problem with '*' in the sudoers file?
- 07-07-2010 #2
Hi pgri.
The sudoers file should look something like this:
# User alias specification
User_Alias ADMIN = admin
# Cmnd alias specification
Cmnd_Alias CADMIN = /bin/rm, /sbin/service, /bin/chown, /bin/tar, /bin/cp
# User privilege specification
root ALL=(ALL) ALL
ADMIN ALL=NOPASSWD: CADMIN
In the Cmnd_Alias CADMIN = [all the commands you want to run with sudo].
For more info check this out - http://crzyorc-linux.blogspot.com/search/label/sudo
- 07-07-2010 #3
sudoers not working, problem with permissions --resolved
Hi Crzyorc, thank you for your response. The article on your blog helped me understand sudoers a bit better. In the end the sudoers file was just fine, I shall explain:
I am editing my original response because I have found root cause:
Permissions. The jboss_user didn't have the right permissions to execute the script. Why sudoers simply responded with "password:" rather than "<script> permission denied" I am not sure. Once I corrected the permissions, everything worked fine.
So to recap, /etc/sudoers was fine, it was an unrelated issue with file permissions, that wasn't clear until I dug into it further.
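The root cause reported in post #3 (the run-as user lacked permission to execute the script) can be checked before touching /etc/sudoers. The following is an added example, not part of the original thread: it walks every component of the script path and lists each one where the target user lacks the execute/search bit. It assumes classic Unix mode bits only (no ACLs or SELinux), and the function names are hypothetical.

```python
import os
import stat


def _has_exec(st, uid, gids):
    """Classic Unix check: owner bits, else group bits, else other bits."""
    if uid == 0:
        # root may traverse any directory and run a file with any x bit set
        return stat.S_ISDIR(st.st_mode) or bool(st.st_mode & 0o111)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def exec_blockers(script, uid, gids):
    """Return [(path, mode_string)] for each component of `script`
    (every parent directory plus the file itself) that the given
    uid/gids cannot search or execute."""
    script = os.path.realpath(script)          # resolve symlinks first
    blockers = []
    current = os.sep
    for comp in [""] + script.split(os.sep)[1:]:
        current = os.path.join(current, comp)  # "/", "/application", ...
        st = os.stat(current)
        if not _has_exec(st, uid, gids):
            blockers.append((current, stat.filemode(st.st_mode)))
    return blockers


if __name__ == "__main__":
    import pwd
    import sys

    # usage: python3 check_exec.py jboss_user /path/to/deploy-jboss.sh
    user, script = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    found = exec_blockers(script, pw.pw_uid, gids)
    for path, mode in found:
        print(f"{user} cannot pass {path} ({mode})")
    sys.exit(1 if found else 0)
```

Run it as root or as any user who can stat the whole path; an empty result means the mode bits are not what is stopping the run-as user.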