Permissions to execute commands as another user
I installed a program named IntelMQ, here it is all the steps that I made to install it in a CentOS 7https://github.com/certtools/intelmq/issues/981. During the installation two users are created: intelmq and apache.
The user apache is part of the GUI of the IntelMQ program and it has to execute commands as the user intelmq. Basically, I can start the IntelMQ bots on the GUI, however I can't stop them. Probably is due to permission problems. In the command line if I try to execute this command as the user apache it returns this: Command: Code:
sudo -u apache sudo -u intelmq /usr/bin/intelmqctl --type json stop abusech-domain-parser Code:
Sorry, user apache is not allowed to execute '/bin/sudo -u intelmq /usr/bin/intelmqctl --type json stop abusech-domain-parser' as apache on localhost.localdomain |
I do not really understand why do you need double sudo.
Probably it can work without sudo -u apache too. Also it is not related to centos at all. I do not really know which user is allowed to execute /usr/bin/intelmqctl. Finally I think you need to configure the sudoers, see visudo |
I already configured the sudoers file through visudo and that didn't solve my problem. I know this issue is not 100% related to CentOS, but in IntelMQ GitHub they weren't able to help me, because they are not familiarized with this OS.
|
It's still not an OS issue but one of configuring /etc/sudoers properly. Why does it have to be just the account "apache" that should be able to launch /usr/bin/intelmqctl as as the account "intelmq" ?
Can you show what line you added to /etc/sudoers? |
The user apache gives access to the web interface of intelmq, and to execute any commands in the web interface, apache needs to run them as the user intelmq.
I added this line to the sudoers file: apache ALL=(intelmq) NOPASSWD: /usr/bin/intelmqctl Is there a possibility that maybe my sudo is broken, and maybe that's why I can't execute the commands? I'm really sorry to bother you guys with a subject that is not related to the OS 100%, but I don't know anywhere else to ask help. |
Quote:
Code:
apache ALL=(intelmq:intelmq) NOPASSWD: /usr/bin/sudo -u intelmq /usr/bin/intelmqctl --type json stop abusech-domain-parser
|
Quote:
Anyway, thank you very much for your help. I will try to talk again with the IntelMQ team, because this is something related to the program and not the OS itself. Once again, thank you! |
Quote:
Quote:
|
Yes, it does work from the shell.
Quote:
|
so it works from shell. That means it is an issue with this sudoers, not with the application. /etc/sudoers itself cannot raise any json error.
|
All times are GMT -5. The time now is 04:22 AM. |