LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-11-2018, 02:26 PM   #1
trickydba
Member
 
Registered: Nov 2016
Location: Atlanta,Georgia
Posts: 310

Rep: Reputation: Disabled
Sudo Access


If sudo access is revoked, will the scripts be affected as far as having the ability to run when scheduled or does it just affect the ability of the user to sudo in?

Last edited by trickydba; 10-11-2018 at 02:32 PM.
 
Old 10-11-2018, 02:49 PM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,373
Blog Entries: 3

Rep: Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184
It will affect future activites but scripts, incron jobs, and cron jobs that are already in place will remain as they are. Can you expand a little more on your question?
 
1 members found this post helpful.
Old 10-11-2018, 02:54 PM   #3
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,307
Blog Entries: 13

Rep: Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698
It affects the user.
 
1 members found this post helpful.
Old 10-11-2018, 03:23 PM   #4
trickydba
Member
 
Registered: Nov 2016
Location: Atlanta,Georgia
Posts: 310

Original Poster
Rep: Reputation: Disabled
I first log in as my normal user acct, then I sudo in. The scheduled script runs as the SUDO user. Not as the regular user. My sudo access was revoked and now I started getting an error when running the script.
 
Old 10-11-2018, 03:32 PM   #5
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 8,307
Blog Entries: 13

Rep: Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698Reputation: 3698
What's your question?

Talk to the administrator of that machine and indicate to them that you'd like to run that script.
 
1 members found this post helpful.
Old 10-12-2018, 12:40 AM   #6
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,373
Blog Entries: 3

Rep: Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184Reputation: 2184
Quote:
Originally Posted by trickydba View Post
I first log in as my normal user acct, then I sudo in. The scheduled script runs as the SUDO user. Not as the regular user. My sudo access was revoked and now I started getting an error when running the script.
You can in principle use it to run a script or program as any user on the system. However, there is a shortcut in that if you leave off the user name it will assume you've chosen to use it as root. See "man sudo" and look at the -u option. That might or might not be relevant here.

The errors are because that script must run as another user than your normal account. You can probably ask for that back but may have to help enlighten the system administrator about configuring /etc/sudoers and convince them to audit your script first.

Since sudo is usually misconfigured if your account was removed from /etc/sudoers I'm guessing because there were too many permissions above and beyond just running the script. If you need to run the script, negotiate with the system administrator to move it to /usr/local/bin/ or /usr/local/sbin/ as appropriate and then make it read only executable, and owned by root. Then, if the script contains no escapes, negotiate to be able to run it as the desired user. Perhaps with no parameters or with hard-coded parameters. Here is how you would do it allowing no parameters:

Code:
trickydba ALL=(root:root) NOEXEC: /usr/local/bin/thescript ""
Again see my linked rant about how sudo is usually misconfigured and misused. There is at least one very good book on sudo, Sudo Mastery: Access Control for Real People by Michael W. Lucas. He has also posted a very long talk online covering uses of sudo along with the slides, you can find it under the title "sudo: you're doing it wrong"
 
Old 10-12-2018, 11:34 AM   #7
trickydba
Member
 
Registered: Nov 2016
Location: Atlanta,Georgia
Posts: 310

Original Poster
Rep: Reputation: Disabled
I got my sudo access back now, still didn't resolve the issue. Looking into other things though, thank you for all the help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Sudo Access trickydba Linux - Newbie 4 01-03-2017 10:06 AM
sudo access _mz Linux - Newbie 1 03-12-2014 04:37 AM
Sudo access skp Linux - Newbie 4 10-10-2012 02:51 PM
Sudo Access PMP Linux - Newbie 7 05-04-2009 08:19 AM
sudo access depam Linux - Newbie 1 02-03-2008 07:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration