Old 02-27-2015, 01:42 PM   #1
linuxmantra
Member
 
Registered: Dec 2013
Posts: 111

Rep: Reputation: Disabled
sudo issue


When I place the following line in /etc/sudoers
tom ALL=NOPASSWD:/sbin/service tomcat6 start

and..
# su - tom
# sudo -s
I get the following message

Sorry, user tom is not allowed to execute '/bin/bash' as root on example.com

I did not understand; can someone help me understand why I am getting this message?


Thank you
 
Old 02-27-2015, 01:52 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
@ linuxmantra

It is doing as it is instructed to do. You have only specified the following command to run as sudo: tom ALL=NOPASSWD:/sbin/service tomcat6 start, so if you want to execute sudo -s, which in turn calls a shell, then it should look as follows:

Code:
tom ALL=NOPASSWD:/sbin/service tomcat6 start, /bin/bash
 
Old 02-27-2015, 01:58 PM   #3
linuxmantra
Member
 
Registered: Dec 2013
Posts: 111

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
It is doing as it is instructed to do. You have only specified the following command to run as sudo: tom ALL=NOPASSWD:/sbin/service tomcat6 start, so if you want to execute sudo -s, which in turn calls a shell, then it should look as follows:

Code:
tom ALL=NOPASSWD:/sbin/service tomcat6 start, /bin/bash

Thank you very much. I googled about this a lot. I got a ticket asking for this issue to get resolved. Could you please explain to me why we need this? And why do we need to do sudo -s?

Thank you once again
 
Old 02-27-2015, 02:02 PM   #4
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
As for why we need this, I would say check the sudo man page once; here is the abstract from there:

Code:
 -s [command]
                   The -s (shell) option runs the shell specified by the SHELL environment variable if it is set or the shell
                   as specified in passwd(5).  If a command is specified, it is passed to the shell for execution.  Otherwise,
                   an interactive shell is executed.
As for why we need to do sudo -s, I am not sure about that because I don't know the requirement for which you guys were trying this. It could be that some application requires running with shell access, but I am not sure; just a wild guess.
 
Old 02-27-2015, 02:42 PM   #5
linuxmantra
Member
 
Registered: Dec 2013
Posts: 111

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by T3RM1NVT0R
As for why we need this, I would say check the sudo man page once; here is the abstract from there:

Code:
 -s [command]
                   The -s (shell) option runs the shell specified by the SHELL environment variable if it is set or the shell
                   as specified in passwd(5).  If a command is specified, it is passed to the shell for execution.  Otherwise,
                   an interactive shell is executed.
As for why we need to do sudo -s, I am not sure about that because I don't know the requirement for which you guys were trying this. It could be that some application requires running with shell access, but I am not sure; just a wild guess.

OK, I checked the /etc/passwd file and found:

tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/sbin/nologin

So tomcat does not have a /bin/bash shell. So it requires /bin/bash in the sudoers file (tom ALL=NOPASSWD:/sbin/service tomcat start, /bin/bash); only then can we do # sudo -s. Am I right?

Last edited by linuxmantra; 02-27-2015 at 02:43 PM.
 
Old 02-27-2015, 02:46 PM   #6
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
Yup that is correct.
 
Old 02-27-2015, 03:44 PM   #7
linuxmantra
Member
 
Registered: Dec 2013
Posts: 111

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by T3RM1NVT0R
Yup that is correct.
Thank you Terminator... ASTALA VISTA ..baby
 
Old 02-28-2015, 12:10 PM   #8
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Debian
Posts: 823

Rep: Reputation: 237
Quote:
Originally Posted by T3RM1NVT0R
It is doing as it is instructed to do. You have only specified the following command to run as sudo: tom ALL=NOPASSWD:/sbin/service tomcat6 start, so if you want to execute sudo -s, which in turn calls a shell, then it should look as follows:

Code:
tom ALL=NOPASSWD:/sbin/service tomcat6 start, /bin/bash
Yikes! This effectively leaves the root account without password protection!
Why do you want to run sudo -s without password?!?

I take it what you really want is starting tomcat as root without a password?
In that case, stick with your original version of the sudoers entry and run
Code:
sudo /sbin/service tomcat6 start
I am not 100% sure that this is really safe either though. Personally, I'd put a script into /usr/local/bin that has the desired command in it, make sure that it is owned by root and only writable by root, and then enable its password-free execution in sudoers.

In any event, you should not put /bin/bash there!
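
The contrast drawn in post #8, as an added example that is not part of any post in the thread: a POSIX shell check that flags password-free sudoers rules amounting to a root shell, plus a check that a wrapper script is owned by root and writable only by root. The function names `grants_root_shell` and `wrapper_is_safe` and the list of shell names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: flag password-free sudoers rules that
# amount to a root shell, and vet a wrapper script as post #8 suggests.

# grants_root_shell RULE -> exit 0 if a NOPASSWD rule lists a shell or ALL.
grants_root_shell() {
    case $1 in
        \#*|'') return 1 ;;            # comment or empty line
        *NOPASSWD:*) ;;                # only password-free rules matter here
        *) return 1 ;;
    esac
    cmds=${1#*NOPASSWD:}               # command list after the tag
    old_ifs=$IFS; IFS=','
    set -f; set -- $cmds; set +f       # split on commas without globbing
    IFS=$old_ifs
    for cmd in "$@"; do
        cmd=${cmd#"${cmd%%[! ]*}"}     # trim leading spaces
        prog=${cmd%% *}                # first word is the program path
        case ${prog##*/} in
            ALL|sh|bash|dash|zsh|ksh|csh|tcsh) return 0 ;;
        esac
    done
    return 1
}

# wrapper_is_safe PATH -> exit 0 only for a regular file owned by uid 0 that
# neither group nor others can write.
wrapper_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    set -f; set -- $(ls -ln "$1"); set +f   # $1 = mode string, $3 = owner uid
    [ "$3" = 0 ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;     # group- or world-writable
    esac
    return 0
}

# The two rules from the thread, checked one by one.
while IFS= read -r rule; do
    if grants_root_shell "$rule"; then echo "UNSAFE: $rule"
    else echo "ok:     $rule"; fi
done <<'EOF'
tom ALL=NOPASSWD:/sbin/service tomcat6 start
tom ALL=NOPASSWD:/sbin/service tomcat6 start, /bin/bash
EOF
```

The rule check works line by line and does not expand sudoers aliases or included files; `visudo -c` remains the syntax check for the real file.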
 
  

