SUDO as *non-root* user
 

All,

Sorry if this has been addressed before, but I couldn't find the info I needed by searching the forums. Anyway, I'm quite new to Linux (Red Hat AS 2.1) and need to set up sudoers to allow a user (say, "xyz") to run a certain command (say "/home/oracle/scripts/test1.sh") as user "oracle", not as user "root". We already have sudo working for users to run stuff as root but cannot get it working so that the command "sudo -u oracle /home/oracle/scripts/test1.sh" results in the script being run - instead I always get the error:

"Sorry, user xyz is not allowed to execute '/home/oracle/scripts/test1.sh' as oracle on server.domain."

The lines I have added to sudoers are as follows:

User_Alias TEST = xyz
Runas_Alias T1 = oracle
TEST ALL=/home/oracle/scripts/test1.sh T1

This all seems to be in order but I keep getting the above error.

I realise I've probably missed something obvious but that's me all over.

Any help or advice would be much appreciated.

TIA,

Tony.

EDIT: Sorry to have wasted your time - I found the answer unexpectedly. The line:

TEST ALL=/home/oracle/scripts/test1.sh T1

should have been

TEST ALL=(T1) /home/oracle/scripts/test1.sh

Many apologies.

Tony.

The following command gets the person root acces and then change to the user foo, running the command bar:
sudo su -c bar foo

can't you do a "su todd" to su over to Todd's account?

Thanks guys but "su" is out of the question. It's a long story but we want our operators to run certain commands as the oracle user but we do not want them to have the oracle user's password - the auditors would have a fit. "sudo" is perfect for our purposes, we were just having trouble with the syntax of "sudoers".

Thanks anyway - I appreciate the effort.

EDIT: Yes - this means I work for a corporate empire who are moving from HP UX to Red Hat for database/app server installations. And we're finding *huge* performance/cost gains as we go. And to think I was a Windows man since forever...