issues getting sudo to behave
(disclaimer - I am a new Linux admin, got dropped into the deep end of a RHEL deployment so I'm learning as I go here!)
I'm trying to get 'sudo' to work for my database admins, and I think I have the syntax right but they're not getting the access that they think they need.
They are all in the 'dba' group on the database server, and it is their primary group.
In my /etc/sudoers file I have the line:
%dba ALL=(oracle) NOPASSWD: ALL
which, in theory (I think) should give members of the 'dba' group the ability to run all commands that the oracle user can run, without having to enter a password using the sudo command.
Now, when they run the command:
sudo su - oracle
they get the error
Sorry, user <users>is not allowed to execute '/bin/su - oracle' as root on <server>.
This is throwing me off, because sudo should allow them to "su" to oracle to keep from having to sudo every single command they want to run. I'm so confused!
Thanks for any advice or explanations you can provide.