[ale] sudo frustrations, help please

Jim Kinney jim.kinney at gmail.com
Tue Aug 25 11:52:50 EDT 2015 

Add a script that is basically a su teamsys -c 'stuff' and set sudo to
allow only group teamsys to excecute that script. Make the script set gid
teamsys.
On Aug 25, 2015 11:36 AM, "Narahari 'n' Savitha" <savithari at gmail.com>
wrote:

> If I did  that I am allowing narahari and robert who are members of
> teamsysuser group to be able to run commands as themselves and I am not
> allowed to do that.
>
> All installs and system work has to be done as user teamsysuser only but
> teamsysuser is not a loginable account.
>
>
>
> On Tue, Aug 25, 2015 at 11:27 AM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> Create a Linux group teamsysuser and add users to that group. In sudoers
>> file
>>
>> @teamsysusers ALL(ALL) NOPASSWD:ALL
>>
>> Or shortcut all of this and add them to the WHEEL group (on RHEL-like
>> systems) and uncomment the WHEEL line in sudoers file.
>>
>> On Tue, 2015-08-25 at 11:18 -0400, Narahari 'n' Savitha wrote:
>>
>> Here is the scenario I am trying to solve.
>>
>> teamsysuer => system account  without a shell but has the following entry
>> in sudoers file
>>
>> teamssysuser ALL(ALL) NOPASSWD:ALL
>>
>> ========================
>>
>> narahari => regular user
>> robert => regular user
>>
>> ========================
>>
>> We want to be able to allow
>> narahari and robert run commands as themselves and teamsysuser only.
>>
>> I have done some playing around sudoers file
>>
>> User_Alias      ALL_MY_USERS = narahari robert
>> Runas_Alias     TEAM_SYS_USER = teamssysuser
>>
>> ......
>> .......
>> ....
>> ......
>> ......
>>
>> teamssysuser ALL=(ALL) NOPASSWD: ALL
>>
>> ALL_MY_USERS    ALL = (TEAM_SYS_USER) NOPASSWD:ALL
>>
>> =================================
>>
>> I am not sure if this is the right approach or conceptually am I wrong ?
>>
>> -N
>>
>> _______________________________________________
>> Ale mailing listAle at ale.orghttp://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
>>
>> --
>> James P. Kinney III
>>
>> Every time you stop a school, you will have to build a jail. What you
>> gain at one end you lose at the other. It's like feeding a dog on his
>> own tail. It won't fatten the dog.
>> - Speech 11/23/1900 Mark Twain
>> http://heretothereideas.blogspot.com/
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150825/66a7a2aa/attachment.html>

More information about the Ale mailing list