Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

Sudo help needed

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Sudo help needed
# 1  
Old 10-24-2008
Sudo help needed
Scenario: I have two servers, A and B. Server A is using autosys to connect to server B via ssh in order to run scripts. The scripts to be run on server B must be run by user "weblogic".

So what I did was make the autosys user connect with a ssh key from server A to server B. After that I gave sudo permissions to autosys so that it may run commands as weblogic. Here's my excerpt from visudo:
Code:
User_Alias      SU_AUTOSYS = autosys
Cmnd_Alias    AUTOSYS_SU = /usr/bin/su - weblogic
SU_AUTOSYS    ALL = NOPASSWD: AUTOSYS_SU

To further facilitate the automating I wrote a small script (runasweblogic.sh) that should automate the sudo <cmd> process:

Code:
#!/bin/sh
args="$@"
sudo su - weblogic  $args

I am thinking now that server A could connect to server B and run commands as weblogic in this manner:

Code:
ssh serverB "/opt/home/autosys/runasweblogic.sh  /opt/weblogic/whateverscript.sh"

This isn't working at all and is giving errors such as, "Sorry, user autosys is not allowed to execute /usr/bin/su - weblogic /opt/weblogic/whateverscript.sh" as root on serverB

Any ideas? I'm going nuts here...Smilie
Last edited by blane; 10-24-2008 at 12:00 PM..
# 2  
Old 10-24-2008
One more thing. If I login to server B as autosys and run "sudo su - weblogic", it works.
# 3  
Old 10-24-2008
Yeah, if you provide arguments for a particular sudo command to run, it can run only with those arguments. So it probably works just to do "sudo su - weblogic" but any additional arguments make a different command. Add a star to let the command be run with an argument.

But this isn't what you really want. What you really want is sudo configured to run the command as weblogic and bypass su altogether:

Code:
#!/bin/sh
exec sudo -u weblogic -H "$@"

And your sudoers file like:
Code:
ALL    ALL = (weblogic) NOPASSWD: /opt/weblogic/whateverscript.sh

# 4  
Old 10-24-2008
Actually, I went a little further than that just for security, and now it's working.

Here's the entry in the sudoers file now:

Code:
autosys        ALL =(weblogic) /opt/home/autosys/test.sh, /opt/weblogic/wls92/domains/dev05/batch/*.sh, /opt/weblogic/wls92/domains/dev05/*.sh

I removed the others and figured I'd just go this way since you can obviously ensure only certain files are run as weblogic.

Thanks for the assistance! I should have done it this way in the first place. Smilie
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Solaris

Sudo help needed

Hello, I have a wrapper script that I am trying to build/execute, which has two different sub scripts, which run as two separate users. Purpose is to mask the contents of the script and allow the user to execute utlrp.sql, which requires sys level privs to execute. User FORD logs in, and... (5 Replies)
Discussion started by: willyb
5 Replies

2. UNIX for Advanced & Expert Users

Help needed in sudo access

I want to give root access to a user called denielr on server - tsprd01, but do not want to share root password. I have sudoers configured already. He should have all access equal to root. I made this entry in /etc/sudoers, but it is not working denielr tsprd01 =(root) NOPASSWD: ALL I tried to... (2 Replies)
Discussion started by: solaris_1977
2 Replies

3. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error. Command: sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh Error: sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies

4. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi All, I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing "sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies

5. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

6. Shell Programming and Scripting

Any way to know beforehand if SUDO is (going to be) needed?

I'm using virtual file-system in /proc/ to print out 1) current working directory (CWD): ls /proc/$PID/cwd 2) command line*: cat /proc/$PID/cmdline and 3) # of open files: ls /proc/$PID/fdinfo | wc -l All above snippets are part of printfs. Now, some processes complain about SUDO... (1 Reply)
Discussion started by: courteous
1 Replies

7. AIX

sudo log and sudo auditing

Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run? sudo.log only contains sudo event, no activity logging. (3 Replies)
Discussion started by: jalite19
3 Replies

8. Cybersecurity

sudo /bin/sh or sudo su -

we are looking at changing the way we get root on our network. in our current system if an admin needs root access he just gets the root password and uses an su. some of our staff have decided that a sudo to "/bin/sh" will be easer. some of our staff think a sudo to "su -" will be better. I... (0 Replies)
Discussion started by: robsonde
0 Replies

9. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies
Login or Register to Ask a Question