LinuxQuestions.org
Old 08-22-2008, 10:18 PM   #1
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Rep: Reputation: 30
Can't get sudoer to work right


I'm running SuseLinux10 (mostly like OpenSuse I think)

I have a script from which I need to call another script where the second script runs as a more privileged user (though not root) than the original user. The line in the script is:

/bin/su - priv_user -c "${classbin}/pcnew ${1} ${LOGNAME}"

Classbin could be absolute, but the args really need to remain variable.

Is it possible to set this up in the sudoer file so that the unprivileged user doesn't have to enter the password of the privileged user? I attempted it as best I understood the sudoer file, but it didn't work (still asks for a password in other words). Here are the important lines from my sudoer file:

Cmnd_Alias PC1240 = /bin/su - priv_user -c "${classbin}/pcnew ${1} ${LOGNAME}"

%1240 ALL=(ALL) NOPASSWD: PC1240

Thanks.

EDIT:

Screw this. I'm going to write a wrapper that calls the script and just set the SUID bit on the wrapper program.

Last edited by davidstvz; 08-23-2008 at 11:16 AM.
 
Old 08-27-2008, 02:36 PM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199
After the NOPASSWD: instead of PC1240, try adding ALL.
 
Old 08-27-2008, 06:09 PM   #3
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
I've gotten this working now. Here is what I did (with the help of people here) for future reference:

The trick was to use the following in the visudo file (with the things in caps being unique identifiers of your choice):

Cmnd_Alias CMD_NAME = /absolute/path/to/script.scr, /as/necessary/more/scripts.scr

Then also runas:

Runas_Alias RUNAS_NAME = user1, user2, user3

Then at the bottom:

%group ALL=(RUNAS_NAME) NOPASSWD: CMD_NAME



Finally, in the script file itself, I needed to use the syntax

sudo -u usertoswitchto ./script.scr arg1 arg2
 
Old 08-27-2008, 06:27 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,470
Blog Entries: 54

Rep: Reputation: 2901
Quote:
Originally Posted by trickykid
After the NOPASSWD: instead of PC1240, try adding ALL.
Regardless if used only for testing purposes or not, that effectively disables any fine-grained control Sudo allows. Are you sure that's sound advice?
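
A small lint pass for the pitfalls this thread runs into, added here as an example (not code from any poster or from the sudo project): shell variables inside a Cmnd_Alias, which sudoers never expands, and NOPASSWD rules widened to ALL commands or an (ALL) run-as list. The function name, finding labels and sample fragments are constructed for illustration, and the parser assumes simple one-line rules only.

```python
import re

# Constructed fragments modelled on the rules quoted in the thread.
BROKEN = ('Cmnd_Alias PC1240 = /bin/su - priv_user -c '
          '"${classbin}/pcnew ${1} ${LOGNAME}"\n'
          '%1240 ALL=(ALL) NOPASSWD: PC1240\n')
TOO_BROAD = "%1240 ALL=(ALL) NOPASSWD: ALL\n"
SCOPED = ("Cmnd_Alias CMD_NAME = /absolute/path/to/script.scr\n"
          "Runas_Alias RUNAS_NAME = user1, user2, user3\n"
          "%group ALL=(RUNAS_NAME) NOPASSWD: CMD_NAME\n")

SHELL_VAR = re.compile(r"\$(\{[^}]*\}|\w+)")
ALIAS_NAME = re.compile(r"[A-Z][A-Z0-9_]*$")
USER_SPEC = re.compile(r"^\S+\s+[^\s=]+\s*=\s*(?:\(([^)]*)\))?\s*(.*)$")
SKIP = ("Runas_Alias", "User_Alias", "Host_Alias", "Defaults")

def lint_sudoers(text):
    """Return [(line_number, finding)] for a simple sudoers fragment."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(SKIP):
            continue
        if line.startswith("Cmnd_Alias"):
            members = line.partition("=")[2]
            # sudoers matches literal text and globs; it never expands $VARS.
            if SHELL_VAR.search(members):
                findings.append((num, "shell-variable-in-command"))
            for member in members.split(","):
                words = member.strip().lstrip("!").split()
                if words and not (words[0].startswith("/")
                                  or ALIAS_NAME.match(words[0])
                                  or words[0] == "sudoedit"):
                    findings.append((num, "relative-command-path"))
            continue
        spec = USER_SPEC.match(line)
        if not spec or "NOPASSWD:" not in spec.group(2):
            continue
        runas, rest = spec.groups()
        commands = [c.strip() for c in rest.split("NOPASSWD:", 1)[1].split(",")]
        if "ALL" in commands:
            findings.append((num, "nopasswd-all-commands"))
        runas_users = [u.strip() for u in (runas or "").split(":")[0].split(",")]
        if "ALL" in runas_users:
            findings.append((num, "nopasswd-runas-any-user"))
    return findings

if __name__ == "__main__":
    for name in ("BROKEN", "TOO_BROAD", "SCOPED"):
        print(name, lint_sudoers(globals()[name]))
```

For a syntax check of a real file, `visudo -c` remains the authority; this pass only flags the scoping issues raised in the thread.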
 
  

