Old 12-22-2015, 01:21 PM   #1
ripelivejam
LQ Newbie
 
Registered: Dec 2015
Posts: 1

Rep: Reputation: Disabled
Configure sudoers in CentOS 5.10 for a user to run a script owned by another user as that user


Hello!

Banging my head currently over trying to set up the sudoers file so a user can run a command as another user; I've already done quite a bit of investigating on this but time's of the essence and I'm desperate. This is on a box running CentOS 5.10 32-bit. If I am understanding the process correctly, the following was what was essentially suggested by my superior. test_script.sh has the same ownership and permissions as all the other scripts in the same directory (changed names obviously but the setup is entirely the same):

Host_Alias TESTSERVER = testserver
User_Alias TEST = test
Cmnd_Alias TESTCMD = /bin/su -u newuser /opt/program/bin/test_script.sh

(snip)

TEST TESTSERVER = TESTCMD


Test script just has:
#!/bin/bash
echo Test script by test, please ignore email

(keep in mind it's only an example script w/ same permissions/ownerships as the scripts I need to run)

So essentially I would set up the sudoers file as above, ssh to testserver as test user, then run "sudo /opt/program/bin/test_script.sh". But it asks for my password and then gives me the error "Sorry, user test is not allowed to execute '/opt/program/bin/test_script.sh' as root on testserver."

Now when I add just the following line to the sudoers file:

test TESTSERVER=(newuser) NOPASSWD: /opt/program/bin/test_script.sh

and include only the same Host_Alias as before and comment out the rest, I can ssh to server as test user and run:

sudo -u newuser /opt/program/bin/test_script.sh

and it correctly prints the line to screen "Test script by test, please ignore email", no password entry required.

Now my superior insists that to run the command in the latter way is not to run it as the user "newuser"; it runs it as "test" user instead. The command has to be run as "newuser", and according to him the previous method is how this is done, but I can't figure out for the life of me how to be able to run the command that way. I'm sure there's something simple here that I'm missing. Using /usr/sbin/visudo command while having root access if that helps at all. Ownership/permissions are as follows:

-r-xr-xr-x 1 newuser newuser 58 Nov 24 12:38 test_script.sh

So tl;dr: need to set up sudoers on CentOS 5.10 box for a user to run a script owned by a different user as that different user; and I need it to DEFINITELY be run by that different user.

Any clarification/pointing/assistance in the right way on how I can do this will be greatly appreciated. Thank you!
 
Old 12-22-2015, 02:19 PM   #2
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 141

Rep: Reputation: 67
I'm no guru, maybe one will come along with a better answer. But I think you're trying to reinvent the wheel. IDK if sudo will do what you want. But pkexec is specifically built to spawn a process as another user.
 
Old 12-22-2015, 03:02 PM   #3
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,885
Blog Entries: 1

Rep: Reputation: 2005
Quote:
Originally Posted by ripelivejam View Post
Now when I add just the following line to the sudoers file:

test TESTSERVER=(newuser) NOPASSWD: /opt/program/bin/test_script.sh

and include only the same Host_Alias as before and comment out the rest, I can ssh to server as test user and run:

sudo -u newuser /opt/program/bin/test_script.sh

and it correctly prints the line to screen "Test script by test, please ignore email", no password entry required.

Now my superior insists that to run the command in the latter way is not to run it as the user "newuser"; it runs it as "test" user instead.

Honestly I am confused by your full post, but based on the part I have quoted above, if I understand that correctly, your superior is not correct (i.e., inferior?) - the script will be run as newuser in the command you have posted.

Two ways to easily verify this and one will also enforce that the script is never run by another user.

First, have the script print both the UID and EUID of the user it is being run as:

Code:
echo "This script is being run as UID:${UID} EUID:${EUID}"
Now when you run it, it will tell who it is being run as - unambiguously.

Next, change the execute permissions to prevent others from running the script - so it can indeed only be run by the owner, newuser:

Code:
chown newuser:newuser /opt/program/bin/test_script.sh
chmod 700 /opt/program/bin/test_script.sh
Now if it runs, it is being run as newuser (or possibly root of course).

Last edited by astrogeek; 12-22-2015 at 03:11 PM. Reason: tpos, typs, typos, remove accidental smiley icon
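
The check discussed in this thread, written as a guard a script can call before doing any work. This is an added example, not part of any post above; the function names `whoami_report` and `require_user` are hypothetical, and `newuser` is the account name used in the thread. It uses `id` rather than `$UID`/`$EUID` so it also works when the script ends up running under plain `sh`.

```shell
#!/bin/sh
# Added example (not from the thread): report and enforce the identity a
# script runs under when it is started via "sudo -u newuser ...".

# Print real and effective identity as name(uid) pairs using id(1).
whoami_report() {
    printf 'real=%s(%s) effective=%s(%s)\n' \
        "$(id -run)" "$(id -ru)" "$(id -un)" "$(id -u)"
}

# Return 0 only when BOTH the real and the effective user are the expected
# account. Under "sudo -u newuser" both become newuser; a setuid-style
# mismatch (real != effective) is rejected as well.
require_user() {
    expected=$1
    effective=$(id -un)
    real=$(id -run)
    if [ "$effective" != "$expected" ] || [ "$real" != "$expected" ]; then
        # SUDO_USER is set by sudo to the account that invoked it, which is
        # useful in the refusal message and in logs.
        printf 'refusing to run: need %s, got real=%s effective=%s (invoked by %s)\n' \
            "$expected" "$real" "$effective" "${SUDO_USER:-n/a}" >&2
        return 1
    fi
    return 0
}

# Demonstration: show who we are, then apply the guard for the thread's
# account name. A real script would "exit 1" instead of printing a message.
whoami_report
require_user newuser || echo "guard tripped: not running as newuser"
```

Placed at the top of `test_script.sh`, the guard makes the script fail loudly if it is ever started as `test` or any other account, independent of the file's mode bits.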