04-09-2008
I setup the same scenario and it worked for me on Solaris 8 but with small change.
1. Setup password-less ssh for user "user-A" from box-A to box-B
2. setup the sudoers (/usr/local/etc/sudoers as sudo installed from SMCsudo) on box-B as below:
User_Alias USERA = user-A
Cmnd_Alias SU_USERA = /bin/test_scr.sh
USERA ALL = (ALL) NOPASSWD: SU_USERA
where "/bin/test_scr.sh" would have the below line (root must be the owner of this script)
su - user-B -c "/opt/rah/rah/rah/command.sh"
3. run the below command from box-A as user user-A
ssh box-B "/usr/local/bin/sudo /bin/test_scr.sh"
Note: On box-B, /bin/test_scr.sh will be run as "root" user who in turn "su" to user-B (root -to- user-B does not require any password)
DONE
Prvn
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Having a "running low on coffee" moment here & need help.
On HP 11.11 where is the sudoers file located; I looked every place I could think of and don't see it.
Thanks in advance:confused: (2 Replies)
Discussion started by: dhlopomo
2 Replies
2. Solaris
Hi,
on solaris 10, I have two users : user1 and user2
I want to create User_Alias and Cmnd_Alias to allow them to execute a command without prompting for sudo password.
command I want these users should be able to run is '/usr/bin/su - abcd' . Also user1 and 2 need not type the 'abcd'... (6 Replies)
Discussion started by: upengan78
6 Replies
3. UNIX for Advanced & Expert Users
We have users that have a # in their username. Sudo is working on some servers and not others. I have narrowed it down to the # in their username. Any suggestions or ideas why it is working on 1 server but not another.
Server not working is - Solaris 10 patch level 138888-01
Server working is ... (1 Reply)
Discussion started by: Gibby13
1 Replies
4. UNIX for Advanced & Expert Users
I'm stuck with a dilemma. I am trying to control userid's access to the su command in such a way that he will not be able to su to root (su, su -, su root, su - root) but he will be able to su to any other user. I have tried the following syntax:
userid ALL=/usr/bin/su ?*, !/usr/bin/su *root*... (2 Replies)
Discussion started by: chuckuykendall
2 Replies
5. UNIX for Dummies Questions & Answers
i just installed/configured apache2.0 on my own aix5.3 mini server. i can start/stop apache by root, but i want to start it under my login id(admin) instead.
i need to execute this command:
/usr/bin/sudo /usr/IBM/HTTPServer/bin/apachectl stop/start. (5 Replies)
Discussion started by: tjmannonline
5 Replies
6. UNIX and Linux Applications
Greetings!! I am attempting to solve a rather thorny issue and I was hoping that someone might have some insight into what is going on here..
At this point I have an openLDAP server that is working quite splendidly! :)
I have a working directory with users able to authenticate it and TLS... (2 Replies)
Discussion started by: bluethundr
2 Replies
7. Solaris
this is for the first time i am going to use sudoers i want know how to create sudoers and giving privileges for that users
thanks in advance
dinu (6 Replies)
Discussion started by: dinu
6 Replies
8. Solaris
what is the configuration file for sudo? can we edit it as like other file or will it create any adverse effect on editing that file?
thanks in advance
dinu (1 Reply)
Discussion started by: dinu
1 Replies
9. Solaris
In the sudoers file in Solaris...
I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies
10. Solaris
Having a bit of a discussion with a software vendor about this. Can anyone confirm my understanding?
/etc/sudoers file example:-
user1 server1 = NOPASSWD:/usr/bin/ls -l
user1 server1 = NOPASSWD:/usr/bin/file
But then the following command fails (logged in on server 1 as user1) because... (2 Replies)
Discussion started by: psychocandy
2 Replies
SETUID(1) General Commands Manual SETUID(1)
NAME
setuid - run a command with a different uid.
SYNOPSIS
setuid username|uid command [ args ]
DESCRIPTION
Setuid changes user id, then executes the specified command. Unlike some versions of su(1), this program doesn't ever ask for a password
when executed with effective uid=root. This program doesn't change the environment; it only changes the uid and then uses execvp() to find
the command in the path, and execute it. (If the command is a script, execvp() passes the command name to /bin/sh for processing.)
For example,
setuid some_user $SHELL
can be used to start a shell running as another user.
Setuid is useful inside scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
execute some commands using the uid of the original user, instead of root. This allows unsafe commands (such as editors and pagers) to be
used in a non-root mode inside a super script. For example, an operator with permission to modify a certain protected_file could use a
super command that simply does:
cp protected_file temp_file
setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
cp temp_file protected_file
(Note: don't use this example directly. If the temp_file can somehow be replaced by another user, as might be the case if it's kept in a
temporary directory, there will be a race condition in the time between editing the temporary file and copying it back to the protected
file.)
AUTHOR
Will Deich
local SETUID(1)