Sudoers problems.
Hi!
I'm trying to come up with a way for me to automate some processes. I have to do this via ssh. What I'm trying to do is have "box A" connect to "box B" as "user A" and execute a command as "user B" (sudoer). It needs to be done this way because of auditing and security policy. This is on Solaris 8.
Here's how I have it set up now:
Box A has connectivity to box B
User A has logins on both box A and box B
User A connects to box B from box A and sudo's to user B
Here's what I have in the sudoers file:
User_Alias USERA = userA
Cmnd_Alias SU_USERA = /usr/bin/su - userB
USERA ALL = NOPASSWD: SU_USERA
So, I connect to box A and type:
ssh -t boxB "sudo su - userB /opt/rah/rah/rah/command.sh" >> /some/log/dir
It either doesn't change the user or it asks for a password. The script keeps a log in a directory owned by userB and, if it doesn't change the user, it says "cannot create, permission denied". Otherwise it sits there asking for a password. I've tried putting the full command in sudoers and that doesn't work. Anyone have ideas? Btw, this will eventually be put under Autosys control.
Thanks!
Last edited by blane; 04-04-2008 at 02:57 PM..