I'd say "sudo <user> <command>" is the better form to use, but as you can only use su... I'd suggest it is probably the case that the visudos file has only been set up to only allow sudo su. Do you have control on the end server or not?
The program su is probably the wrong way to go about things. What are you trying to solve? Do you need to run lots of different programs as sysuser, or just one or two?
About using sudo, the user myuser needs permission in sudoers to run things as the user sysuser. But rather than editing /etc/sudoers directly, you might consider adding a file under /etc/sudoers.d/ and making your additions there. See the manual page for sudoers for details.
Code:
man 5 sudoers
The book sudo Mastery, by M W Lucas, is quite good about giving a thorough walk through with examples. He also has a video around called "sudo: you're doing it wrong" with slides available.
OK, as I've said, I can't make modifications to the system. I only have permission to execute /usr/bin/su to sysuser from myuser and I have no root access.
I meant, the only thing I can do when I connect to this server is:
Code:
sudo su - sysuser
./sysscript
What I want to do is to write a script that I will execute on my Linux laptop so I can execute this 'sysscript' on many servers without logging in manually on each one.
I think I know the issue, the visudo file has an explicit usage of su which is broken the moment you add the --command alias on it.
To be fair, at the moment you have granted a user "sudo su", then you might as well grant all in sudo because a user with sudo su can simply edit the sudoers file to give themselves that anyway.
There might be several possibilities, but you'll first need to confirm what you really are allowed to run on the remote machine.
Code:
ssh -t myuser@unixserver "sudo -l"
That will tell you if you are allowed to run su and if there are any limitations on options or runtime arguments.
Thanks Turbocapitalist, I can confirm that the only thing I can do is the sudo su to this sysuser. This is an enterprise LDAP and my user is very limited.
Code:
ssh -t myuser@unixserver "sudo su -l sysuser --command=./sysscript"
If not, and you have restrictions on su, then you'll always have to do it manually instead until you can convince the sysadmin to tweak the sudoers file for you.
If you have a system with lots of servers in it where you have to repeat processes like this, then maybe it'd be best to suggest moving it to some form of central control such as Puppet, Chef or Salt. That is to whomever is in charge.
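The point made in the thread, that `sudo -l` shows any limits on options and runtime arguments, worked through as an added example that is not part of any post above. It parses a `sudo -l` listing and applies the sudoers(5) argument-matching rule to the two command lines from the thread. The listing is constructed and assumes the server grants exactly `/usr/bin/su - sysuser`; `parse_listing` and `is_allowed` are hypothetical helper names, and path wildcards and regex arguments are not handled.

```python
import fnmatch
import re
import shlex

# Constructed `sudo -l` output (an assumption about the server's sudoers, not from the thread).
SAMPLE_LISTING = """\
Matching Defaults entries for myuser on unixserver:
    env_reset, mail_badpass

User myuser may run the following commands on unixserver:
    (root) /usr/bin/su - sysuser
"""

ENTRY = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s+(?P<cmnds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...

def parse_listing(text):
    """Return [(runas_users, command_path, arg_pattern_or_None), ...]."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # Defaults lines and headers carry no "(runas)" prefix
        users = {u.strip() for u in m["runas"].split(":")[0].split(",")}
        for cmnd in re.split(r"(?<!\\),\s*", m["cmnds"]):
            path, _, args = TAGS.sub("", cmnd.strip()).partition(" ")
            rules.append((users, path, args.strip() or None))
    return rules

def is_allowed(rules, command_line, runas="root"):
    """Apply the sudoers(5) argument rule to a fully qualified command line."""
    path, *argv = shlex.split(command_line)
    given = " ".join(argv)  # sudo matches the arguments as one joined string
    for users, rule_path, rule_args in rules:
        if not users & {runas, "ALL"} or rule_path not in (path, "ALL"):
            continue
        if rule_args is None:  # no arguments listed: any arguments pass
            return True
        pattern = "" if rule_args == '""' else rule_args  # "" means bare command only
        if fnmatch.fnmatchcase(given, pattern):  # literal or wildcard match
            return True
    return False

if __name__ == "__main__":
    rules = parse_listing(SAMPLE_LISTING)
    for cmd in ("/usr/bin/su - sysuser",
                "/usr/bin/su -l sysuser --command=./sysscript"):
        print(cmd, "->", "allowed" if is_allowed(rules, cmd) else "denied")
```

With this listing the interactive form is allowed and the `--command` form is denied, because a rule that lists arguments only matches a command line whose arguments match it.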