Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Distributions > SUSE / openSUSE
User Name
SUSE / openSUSE This Forum is for the discussion of Suse Linux.


  Search this Thread
Old 08-22-2008, 10:18 PM   #1
Registered: Jun 2008
Posts: 405

Rep: Reputation: 30
Can't get sudoer to work right

I'm running SuseLinux10 (mostly like OpenSuse I think)

I have a script from which I need to call another script where the second script runs as a more privileged user (though not root) than the original user. The line is the script is:

/bin/su - priv_user -c "${classbin}/pcnew ${1} ${LOGNAME}"

Classbin could be absolute, but the args really need to remain variable.

Is this possible to set this up in the sudoer file so that the unprivileged user doesn't have to enter the password of the privileged user? I attempted it as best I understood the sudoer file, but it didn't work (still asks for a password in other words). Here's the important lines from my sudoer file:

Cmnd_Alias PC1240 = /bin/su - priv_user -c "${classbin}/pcnew ${1} ${LOGNAME}"

%1240 ALL=(ALL) NOPASSWD: PC1240



Screw this. I'm going to write a wrapper that calls the script and just set the SUID bit on the wrapper program.

Last edited by davidstvz; 08-23-2008 at 11:16 AM.
Old 08-27-2008, 02:36 PM   #2
LQ Guru
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 235Reputation: 235Reputation: 235
After the NOPASSWD: instead of PC1240, try adding ALL.
Old 08-27-2008, 06:09 PM   #3
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
I've gotten this working now. Here is what I did (with the help of people here) for future reference:

The trick was to use the following in the visudo file (with the things in caps being unique identifiers of your choice)

Cmnd_Alias CMD_NAME = /absolute/path/to/script.scr, /as/necessary/more/scripts.scr

Then also runas:

Runas_Alias RUNAS_NAME = user1, user2, user3

Then at the bottom:


Finally, in the script file itself, I needed to use the syntax

sudo -u usertoswitchto ./script.scr arg1 arg2
Old 08-27-2008, 06:27 PM   #4
Registered: May 2001
Posts: 29,341
Blog Entries: 55

Rep: Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538Reputation: 3538
Originally Posted by trickykid View Post
After the NOPASSWD: instead of PC1240, try adding ALL.
Regardless if used only for testing purposes or not, that effectively disables any fine-grained control Sudo allows. Are you sure that's sound advice?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
not in sudoer file Ishmile Linux - Newbie 1 03-19-2008 12:23 PM
root not a sudoer??? LinuxNewbie999 Fedora 8 03-03-2008 03:38 PM
sudoer spidna Slackware 2 10-17-2006 02:51 AM
Sudoer??? SBN Linux - Software 1 10-03-2006 11:15 PM
/etc/sudoer mikz Linux - General 1 02-25-2005 02:04 PM

All times are GMT -5. The time now is 09:22 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration