[ale] sudo for a group to user how to please

Alex Carver agcarver+ale at acarver.net
Tue Mar 31 19:43:44 EDT 2015


What is this going to get you?  If they can become the vips user then
they can go up one more link in the chain and be root for anything.
You're gaining nothing by allowing them to become the unrestricted vips
user.  You might as well give them direct sudo access.

On 2015-03-31 16:40, Narahari 'n' Savitha wrote:
> Friends:
> 
> Thank You folks for your time and reading this email.
> 
> Here is the scenario
> 
> I have a machine with a user called vips
> 
> This vips user has sudo on the box to do pretty much anything
> vips ALL = (ALL) NOPASSWD:ALL
> 
> I have two other users narahari and zikka
> 
> narahari and zikka belong to puppet-folks user group
> 
> pupppet-folks:x:2100:narahari,zikka
> 
> 
> The entry in the sudoers file is
> %pupppet-folks ALL = (vips) ALL
> 
> .......
> 
> When I log in as narahari on the box, and I try the following command
> 
> narahari at cdl-pid-c1-02:~> sudo su -u virtual
> narahari's password:
> Sorry, user narahari is not allowed to execute '/bin/su -u virtual' as root
> on cdl-pid-c1-02.
> 
> I am at a loss.  The idea is that when either narahari or zikka logs in, they
> should be able to get to a shell for the vips user.
> 
> If not the shell, at least something like sudo su -u vips bash -c
> "/home/vips/cool/loveTheWorld.sh"
> 
> Please provide some thoughts or if I am going about this the wrong way
> correct me please.
> 
> -Narahari
> 
> 
> 
> 
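
The chain described in the reply (the group may run anything as vips, and vips may run anything as root) can be checked mechanically. The script below is an added example and not part of the original thread; the function names `sudo_chain_audit` and `sample_sudoers` and the `DIRECT`/`CHAIN` output labels are made up for illustration, and the parser assumes simple one-line rules.

```shell
#!/bin/sh
# Added example (not from the thread): flag sudoers rules that hand a
# principal an account which is itself root-equivalent.
# Simplified parser: one rule per line, "who hosts = (runas) [TAG:] cmds";
# aliases, #include files and line continuations are not handled.
# Runas names are matched literally; group membership is not resolved.

sudo_chain_audit() {
    awk '
    /^[ \t]*(#|$)/ || $1 ~ /^Defaults/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        rhs = substr($0, eq + 1)
        sub(/^[ \t]+/, "", rhs)
        runas = "root"                     # sudo runs as root when no (runas) is given
        if (substr(rhs, 1, 1) == "(") {
            p = index(rhs, ")"); if (p == 0) next
            runas = substr(rhs, 2, p - 2)
            rhs = substr(rhs, p + 1)
        }
        sub(/:.*/, "", runas)              # drop the optional :group part
        gsub(/[A-Z_]+:[ \t]*/, "", rhs)    # drop tags such as NOPASSWD:
        gsub(/^[ \t]+|[ \t]+$/, "", rhs)
        if (rhs != "ALL") next             # only unrestricted command lists matter here
        n++; who[n] = $1; as_user[n] = runas
    }
    END {
        for (i = 1; i <= n; i++)
            if ((as_user[i] == "ALL" || as_user[i] == "root") && !(who[i] in eqv)) {
                eqv[who[i]] = 1; print "DIRECT " who[i]
            }
        do {                               # repeat until no new principal is added
            changed = 0
            for (i = 1; i <= n; i++)
                if ((as_user[i] in eqv) && !(who[i] in eqv)) {
                    eqv[who[i]] = 1; changed = 1
                    print "CHAIN " who[i] " via " as_user[i]
                }
        } while (changed)
    }' "$@"
}

# Constructed sample: the two rules quoted in the thread.
sample_sudoers() {
    printf '%s\n' 'vips ALL = (ALL) NOPASSWD:ALL' \
                  '%pupppet-folks ALL = (vips) ALL'
}

sample_sudoers | sudo_chain_audit
```

`DIRECT` marks a principal that can run any command as root or as any user; `CHAIN` marks one that reaches such a principal through an unrestricted runas rule.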


