sudo within ssh remote
Hi.
I have a problem, please see if anyone can help me out: I have 2 servers which I have connected through ssh without a password (with public keys, permissions, etc). The user input on both the client and the server is john. That is, I do:

ssh john@server uname -a

for example (and I have managed to get it working without a password; on the server there is also the user john, as I said).

But now I need to do

The normal operation on the server is to log in with user john, then do sudo su - userserver2, and then execute a script with sudo (since it is root) with sudo /etc/init.d/scritp1

What I want is to be able to execute the script from the remote client, but

ssh john@server "sudo su - userserver2"

for example, does not work; it gives me permission denied. How could I do it please? Thanks in advance. |
Welcome to the forum.
su and sudo should not be combined.

A) If you mean to log in as john and then run script1 as root then

Code:
ssh -l john server "sudo /etc/init.d/script1"

Code:
ssh -l john server "sudo -u userserver2 /etc/init.d/script1"

Code:
%john ALL=(root:root) NOPASSWD: /etc/init.d/script1 ""

Code:
%john ALL=(userserver2) NOPASSWD: /etc/init.d/script1 ""

For more on /etc/sudoers see Michael W Lucas' book sudo Mastery or his online presentation based on the book. |
I get this:

john@clientserver:~$ ssh john@server "sudo -u userserver2 ls"
sudo: sorry, you must have a tty to run sudo
john@clientserverv:~$ ssh john@server "sudo -u userserver2 /bin/bash"
sudo: sorry, you must have a tty to run sudo

And finally:

john@clientserver:~$ ssh john@server"/bin/bash /usr/bin/sudo -u userserver2 ls"
/bin/bash: /usr/bin/sudo: Permission denied

What can I do please? |
Quote:
You have left off a command parameter that was shown to you. Please examine that recent message from Turbocapitalist to see what you missed and try again. Reading the ssh man page and looking up that parameter might be instructive, but just give it a try first. |
Sorry, I am a complete newbie
|
As a frame of reference, what distribution / version are you running?
I assume you are trying to restart some service using a script from a remote computer. To run a command from ssh that requires input you need to use the -t option.

ssh -t john@server "sudo /etc/init.d/script1"
ssh -t john@server "su -c /etc/init.d/script1" |
This is the actual situation:
I have no access to root, nor to the sudoers file on any server. I have a server that is named server1 (the server). And I have another, server2 (the client).

On server1 I log in with user operador (it's the only password I have), and I have permission to do:

(root) NOPASSWD: /bin/su - sauron

So I do: sudo su - sauron, and then when I do: sudo -l, I get:

User sauron may run the following commands on this host:
(root) NOPASSWD: /etc/init.d/tomcat
(root) NOPASSWD: /etc/init.d/romillot

So I do: sudo /etc/init.d/romillot [stop/start/status]

On server2 I have only the password for operador. I have configured remote ssh without a password, so I am able to do:

operador@server2:~/.ssh$ ssh operador@server1 "uname -a"
Linux server1 2.6.39-300.17.2.el6uek.x86_64 #1 SMP Wed Nov 7 17:48:36 PST 2012 x86_64 x86_64 x86_64 GNU/Linux
operador@es2petvid01v:~/.ssh$

And now I am trying to remotely restart the romillot service (using ssh without a password). So I try to do something like:

ssh operator@server1 "sudo su - sauron /etc/init.d/romillot status"

But at first I get:

sudo: sorry, you must have a tty to run sudo

I try other things:

operador@server2:~/.ssh$ ssh operador@server1 "/bin/bash sudo su - sauron /etc/init.d/romillot status"
/bin/bash: sudo: No such file or directory

or

operador@server2:~/.ssh$ ssh operador@server1 "/bin/bash /usr/bin/sudo su - sauron /etc/init.d/romillot status"
/bin/bash: /usr/bin/sudo: Permission denied

As I said, I am a complete newbie :( |
Ok. Thanks for the additional information. As mentioned, su and sudo at the same time are redundant.
Given the current sudoers misconfiguration, you could build the line like this:

Code:
ssh -t -l john server "sudo su - userserver2 -c 'sudo /etc/init.d/scritp1'"

Either way, please, point the server's system administrator at the sudo: You're Doing It Wrong video. And have them check "man sudo" for the -u option. Currently the chain is three steps long. It can be cut to two steps by eliminating su and simplicity enhances security... |
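
The two-step setup the last reply recommends, written out as a sudoers fragment. This is an added example, not part of the thread; it has to be installed by an administrator with access to sudoers, which the poster says they do not have. The drop-in file name and the start/stop/status argument list are assumptions taken from the commands quoted above.

```sudoers
# /etc/sudoers.d/romillot   (file name is an assumption)
# Edit with:   visudo -f /etc/sudoers.d/romillot
# Check with:  visudo -c

# BEFORE: the chain described in the thread, reconstructed from the posted
# `sudo -l` output (the host field is not shown there; ALL is assumed).
# operador -> su to sauron -> sudo to root: three steps.
#   operador  ALL = (root) NOPASSWD: /bin/su - sauron
#   sauron    ALL = (root) NOPASSWD: /etc/init.d/tomcat
#   sauron    ALL = (root) NOPASSWD: /etc/init.d/romillot
# The first rule gives operador a full login shell as sauron, which is much
# broader than "control one service".

# AFTER: operador runs the init script as root directly. The permitted
# arguments are listed, so no other argument can be passed to the script.
Cmnd_Alias ROMILLOT = /etc/init.d/romillot start, \
                      /etc/init.d/romillot stop, \
                      /etc/init.d/romillot status

operador  ALL = (root) NOPASSWD: ROMILLOT

# Only needed when the host sets "Defaults requiretty" (the source of
# "sorry, you must have a tty to run sudo") and the caller cannot use
# `ssh -t`, for example a cron job. Scoped to this one user.
Defaults:operador !requiretty

# Client side, from server2:
#   ssh operador@server1 "sudo /etc/init.d/romillot status"
```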