Unix/Linux Go Back    


UNIX for Advanced & Expert Users Expert-to-Expert. Learn advanced UNIX, UNIX commands, Linux, Operating Systems, System Administration, Programming, Shell, Shell Scripts, Solaris, Linux, HP-UX, AIX, OS X, BSD.

One user to su to another without allowing root access and password

UNIX for Advanced & Expert Users


Reply    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 2 Weeks Ago
pokhraj_d pokhraj_d is offline
Registered User
 
Join Date: Jan 2012
Last Activity: 18 April 2017, 2:14 PM EDT
Posts: 30
Thanks: 1
Thanked 0 Times in 0 Posts
One user to su to another without allowing root access and password

Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------

Code:
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh

-------------------
But everytime I am facing the below error

Code:
[sudo] password for am663:
sudo: /home/appsrj4/scripts/stop_oacore.sh: command not found

----------
Below is the entry from /etc/sudoers file:
------------------------

Code:
am663   ALL=(appsprj4)          NOPASSWD: /home/appsprj4/scripts/start_apache.sh
am663   ALL=(appsprj4)          NOPASSWD: /home/appsprj4/scripts/stop_apache.sh
am663   ALL=(appsprj4)          NOPASSWD: /home/appsprj4/scripts/start_oacore.sh
am663   ALL=(appsprj4)          NOPASSWD: /home/appsprj4/scripts/stop_oacore.sh
am663   ALL=(appsprj4)          NOPASSWD: /u03/oracle/EBSDEV/fs1/inst/apps/EBSDEV_emaprjebs01/admin/scripts/adapcctl.sh
am663   ALL=(appsprj4)          NOPASSWD: /u03/oracle/EBSDEV/fs1/inst/apps/EBSDEV_emaprjebs01/admin/scripts/admanagedsrvctl.sh

Please advice on this.

Thanks-
Pokhraj
Moderator's Comments:
One user to su to another without allowing root access and password Please use CODE tags (not HTML and ICODE tags) for full line and multi-line sample input, sample output, and code segments.

Last edited by Don Cragun; 2 Weeks Ago at 09:04 AM.. Reason: Change HTML and ICODE tags to CODE tags; add ICODE tags.
Sponsored Links
    #2  
Old Unix and Linux 2 Weeks Ago
jim mcnamara jim mcnamara is offline Forum Staff  
...@...
 
Join Date: Feb 2004
Last Activity: 27 April 2017, 9:04 PM EDT
Location: NM
Posts: 11,027
Thanks: 515
Thanked 1,046 Times in 969 Posts

Code:
sudo -u appsprj4 /home/appsprj4/scripts/start_apache.sh

Note the missing red letter p.
Sponsored Links
    #3  
Old Unix and Linux 2 Weeks Ago
pokhraj_d pokhraj_d is offline
Registered User
 
Join Date: Jan 2012
Last Activity: 18 April 2017, 2:14 PM EDT
Posts: 30
Thanks: 1
Thanked 0 Times in 0 Posts
Awesome.. Thank you very much...

Thanks
Pokhraj
    #4  
Old Unix and Linux 1 Week Ago
pokhraj_d pokhraj_d is offline
Registered User
 
Join Date: Jan 2012
Last Activity: 18 April 2017, 2:14 PM EDT
Posts: 30
Thanks: 1
Thanked 0 Times in 0 Posts
Hello Gurus,
I am having one more issue while running the command.
HTML Code:
sudo -u appstst1 /stage/scripts/git_Code.ksh
When I am running the above command from user am663 all the files are downloaded as below:
HTML Code:
drwxr-xr-x 2 appstst1 oinstall 4096 Apr 18 13:00 FIN_EXT_004
drwxr-xr-x 2 appstst1 oinstall 4096 Apr 18 13:00 FIN_EXT_003
Now when I am trying to change the ownership to oemuser I am facing error as
Quote:
Operation not permitted
HTML Code:
oemuser:oinstall
Is there is any extra configuration I need to add at /etc/sudoers file?

Please advice

Thanks-
Pokhraj Das
Sponsored Links
    #5  
Old Unix and Linux 1 Week Ago
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 27 April 2017, 4:20 PM EDT
Location: Saskatchewan
Posts: 22,097
Thanks: 1,073
Thanked 4,157 Times in 3,847 Posts
An application running as user appstst1 creates files belonging to appstst1, yes.

If the files are not overly large, you can get around this by making copies of the files(which will belong to you) then deleting the originals(you can delete any file in a writable folder you own).
Sponsored Links
    #6  
Old Unix and Linux 1 Week Ago
pokhraj_d pokhraj_d is offline
Registered User
 
Join Date: Jan 2012
Last Activity: 18 April 2017, 2:14 PM EDT
Posts: 30
Thanks: 1
Thanked 0 Times in 0 Posts
Hello ,
Can you please elaborate the concepts please..

Thanks-
Pokhraj Das
Sponsored Links
    #7  
Old Unix and Linux 1 Week Ago
Padow1 Padow1 is offline
Registered User
 
Join Date: Sep 2016
Last Activity: 25 April 2017, 3:07 PM EDT
Posts: 37
Thanks: 0
Thanked 8 Times in 7 Posts
A non-root user cannot change the ownership of someones else's file. One way to solve this problem is to have both users be a member of the same group and allow group access to the files. Since you are using the group oinstall now, you may want to create a separate group for this.

Set the primary group for the account that is executing the download (appstst1 in this case) to that new group so that the files are created with that group ownership. If you want the secondary user to also be able to delete/rename/etc these files then you should also set the umask in the script prior to performing the download


Code:
umask 007

This will set permissions on new files/directories created during that session to 770.
Sponsored Links
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Root access that can't change root password? 244an Ubuntu 2 12-16-2013 06:24 AM
How to give root access to non root user? adisky123 Shell Programming and Scripting 4 04-30-2013 04:09 PM
How to allow access to some commands having root privleges to be run bu non root user suryashikha UNIX for Dummies Questions & Answers 5 10-30-2009 05:46 AM
how to access root priveliges if root password is lost wojtyla Linux 1 02-18-2005 05:24 AM
Allowing access to ports < 1024 w/o root rpollard Security 2 05-09-2002 11:23 AM



All times are GMT -4. The time now is 10:19 PM.