Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Sudoers problems.
Top Forums UNIX for Advanced & Expert Users Sudoers problems. Post 302181870 by blane on Friday 4th of April 2008 10:48:19 AM
Old 04-04-2008
Sudoers problems.
Hi!

I'm trying to come up with a way for me to automate some processes. I have to do this via ssh. What I'm trying to do is have "box A" connect to "box B" as "user A" and execute a command as "user B" (sudoer). It needs to be done this way because of auditing and security policy. This is on Solaris 8

Here's how I have it setup now:

Box A has connectivity to box B
User A has logins on both box A and box B
User A connects to box B from box A and sudo's to user B

Here's what I have in the sudoers file:

User_Alias USERA = userA
Cmnd_Alias SU_USERA = /usr/bin/su - userB
USERA ALL = NOPASSWD: SU_USERA


So, I connect to box A and type:
ssh -t boxB "sudo su - userB /opt/rah/rah/rah/command.sh" >> /some/log/dir

It either doesn't change the user or it asks for a password. The script keeps a log in a directory owned by userB and, if it doesn't change the user, it says "cannot create, permission denied". Otherwise it sits there asking for a password. I've tried putting the full command in sudoers and that doesn't work. Anyone have ideas? Btw, this will eventually be put under Autosys control.

Thanks!
Last edited by blane; 04-04-2008 at 02:57 PM..
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

sudoers on HP 11.11

Having a "running low on coffee" moment here & need help. On HP 11.11 where is the sudoers file located; I looked every place I could think of and don't see it. Thanks in advance:confused: (2 Replies)
Discussion started by: dhlopomo
2 Replies

2. Solaris

sudoers and sudo

Hi, on solaris 10, I have two users : user1 and user2 I want to create User_Alias and Cmnd_Alias to allow them to execute a command without prompting for sudo password. command I want these users should be able to run is '/usr/bin/su - abcd' . Also user1 and 2 need not type the 'abcd'... (6 Replies)
Discussion started by: upengan78
6 Replies

3. UNIX for Advanced & Expert Users

Usernames in Sudoers have #

We have users that have a # in their username. Sudo is working on some servers and not others. I have narrowed it down to the # in their username. Any suggestions or ideas why it is working on 1 server but not another. Server not working is - Solaris 10 patch level 138888-01 Server working is ... (1 Reply)
Discussion started by: Gibby13
1 Replies

4. UNIX for Advanced & Expert Users

sudoers syntax

I'm stuck with a dilemma. I am trying to control userid's access to the su command in such a way that he will not be able to su to root (su, su -, su root, su - root) but he will be able to su to any other user. I have tried the following syntax: userid ALL=/usr/bin/su ?*, !/usr/bin/su *root*... (2 Replies)
Discussion started by: chuckuykendall
2 Replies

5. UNIX for Dummies Questions & Answers

sudoers

i just installed/configured apache2.0 on my own aix5.3 mini server. i can start/stop apache by root, but i want to start it under my login id(admin) instead. i need to execute this command: /usr/bin/sudo /usr/IBM/HTTPServer/bin/apachectl stop/start. (5 Replies)
Discussion started by: tjmannonline
5 Replies

6. UNIX and Linux Applications

Problems Hooking Sudoers into PAM/LDAP

Greetings!! I am attempting to solve a rather thorny issue and I was hoping that someone might have some insight into what is going on here.. At this point I have an openLDAP server that is working quite splendidly! :) I have a working directory with users able to authenticate it and TLS... (2 Replies)
Discussion started by: bluethundr
2 Replies

7. Solaris

sudoers

this is for the first time i am going to use sudoers i want know how to create sudoers and giving privileges for that users thanks in advance dinu (6 Replies)
Discussion started by: dinu
6 Replies

8. Solaris

sudoers

what is the configuration file for sudo? can we edit it as like other file or will it create any adverse effect on editing that file? thanks in advance dinu (1 Reply)
Discussion started by: dinu
1 Replies

9. Solaris

Sudoers file

In the sudoers file in Solaris... I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies

10. Solaris

Sudoers

Having a bit of a discussion with a software vendor about this. Can anyone confirm my understanding? /etc/sudoers file example:- user1 server1 = NOPASSWD:/usr/bin/ls -l user1 server1 = NOPASSWD:/usr/bin/file But then the following command fails (logged in on server 1 as user1) because... (2 Replies)
Discussion started by: psychocandy
2 Replies

LEARN ABOUT SUNOS

ssh-socks5-proxy-connect

ssh-socks5-proxy-connect(1)					   User Commands				       ssh-socks5-proxy-connect(1)

NAME

       ssh-socks5-proxy-connect - Secure Shell proxy for SOCKS5

SYNOPSIS

       /usr/lib/ssh/ssh-socks5-proxy-connect [-h socks5_proxy_host] [-p socks5_proxy_port] connect_host connect_port

DESCRIPTION

       A proxy command for ssh(1) that uses SOCKS5 (RFC 1928). Typical use is where connections external to a network are only allowed via a socks
       gateway server.

       This proxy command does not provide any of the SOCKS5 authentication mechanisms defined in RFC 1928. Only anonymous connections are  possi-
       ble.

OPTIONS

       The following options are supported:

       -h socks5_proxy_host    Specifies the proxy web server through which to connect. Overrides the SOCKS5_SERVER environment variable.

       -p socks5_proxy_port    Specifies  the  port  on  which	the  proxy  web  server  runs. If not specified, port 80 is assumed. Overrides the
			       SOCKS5_PORT environment variable.

OPERANDS

       The following operands are supported:

       socks5_proxy_host       The host name or IP address (IPv4 or IPv6) of the proxy.

       socks5_proxy_port       The numeric port number to connect to on socks5_proxy_host.

       connect_host	       The name of the remote host to which the socks gateway is to connect you.

       connect_port	       The numeric port number of the socks gateway to connect you to on connect_host.

EXAMPLES

       The recommended way to use a proxy connection command is to configure the ProxyCommand in ssh_config(4) (see  Example  1  and  Example  2).
       Example 3 shows how the proxy command can be specified on the command line when running ssh(1).

       Example 1: Setting the proxy from the environment

       The following example uses ssh-socks5-proxy-connect in ssh_config(4) when the proxy is set from the environment:

       Host playtime.foo.com
	   ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect 
	       playtime.foo.com 22

       Example 2: Overriding proxy environment variables

       The following example uses ssh-socks5-proxy-connect in ssh_config(4) to override (or if not set) proxy environment variables:

       Host playtime.foo.com
	   ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect -h socks-gw 
	       -p 1080 playtime.foo.com 22

       Example 3: Using the command line

       The following example uses ssh-socks5-proxy-connect from the ssh(1) command line:

       example$ ssh -o'ProxyCommand=/usr/lib/ssh/ssh-socks5-proxy-connect 
	   -h socks-gw -p 1080 playtime.foo.com 22' playtime.foo.com

ENVIRONMENT VARIABLES

       SOCKS5_SERVER	       Takes socks5_proxy_host operand to specify the default proxy host.

       SOCKS5_PORT	       Takes socks5_proxy_port	operand to specify the default proxy port.

EXIT STATUS

       The following exit values are returned:

       0	Successful completion.

       1	An error occurred.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsshu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Stable			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ssh(1), ssh-http-proxy-connect(1), ssh_config(4), attributes(5)

SunOS 5.10							    30 Oct 2002 				       ssh-socks5-proxy-connect(1)
All times are GMT -4. The time now is 04:44 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy