Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Sudo help needed
Operating Systems Solaris Sudo help needed Post 302987252 by willyb on Wednesday 7th of December 2016 02:35:25 PM
Old 12-07-2016
Sudo help needed
Hello,
I have a wrapper script that I am trying to build/execute, which has two different sub scripts, which run as two separate users.
Purpose is to mask the contents of the script and allow the user to execute utlrp.sql, which requires sys level privs to execute.

User FORD logs in, and executes the wrapper script, wrapper.sh
The wrapper script presents it's content in menu format. Here is what the wrapper.sh
  1. execute one.sql
  2. execute two.sql and three.sql
  3. execute three.sql


A
one.sql
requires no specific credentials
B
two.sql
REQUIRES FORD credentials to execute.
has logid check at beginning and kicks you out if you aren't the FORD user.
three.sql
requires "ORACLE" credentials to log in and execute utilrp.sql -- which requires to log in as sys for execution.
C
three.sql
Same as above, but only runs the utlrp.sql script.


So I edited sudousers (VISUDO) to implement the neccessary privs. (shown in RED)

Code:
## Runas alias
Runas_Alias     DB = oracle
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
 
 
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
 
 
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'
 
 
## Read drop-in files from /usr/local/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /usr/local/etc/sudoers.d
FORD ALL = (ALL) NOPASSWD: /export/home/oracle/wrapper.sh
FORD ALL = (DB) NOPASSWD: /oracle/12c/bin/sqlplus
(I have also tried the second entry NOT using runas_alias with exact same results)
 
If I execute a sudo -l from the command line, it shows:
$ sudo -l
User ford may run the following commands on falcon:
    (ALL) NOPASSWD: /export/home/oracle/wrapper.sh
    (oracle) NOPASSWD: /oracle/12c/bin/sqlplus

Here is where I'm stuck. From my understanding, for the user to execute this via the sudo functionality, the main wrapper command would be executed as such:
sudo wrapper.sh. It prompts me for the menu as desired. When I choose A, it doesn't see user FORD...and kicks me out.
When I choose B or C, it works fine. It executes the second one fine, and logs in as sys executing the utlrp.sql.

So my question is this: Is there a way to configure the sudo set up so that user FORD executes the wrapper, passes user FORD to menu item A, but only passes it's self as the ORACLE user to menu items B or C for the sake of sqlplus as sys?

Thanks.
Last edited by rbatte1; 12-09-2016 at 10:35 AM.. Reason: Converted to formatted letter number-list
This User Gave Thanks to willyb For This Post:
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Sudo help needed

Scenario: I have two servers, A and B. Server A is using autosys to connect to server B via ssh in order to run scripts. The scripts to be run on server B must be run by user "weblogic". So what I did was make the autosys user connect with a ssh key from server A to server B. After that I... (3 Replies)
Discussion started by: blane
3 Replies

2. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

3. Cybersecurity

sudo /bin/sh or sudo su -

we are looking at changing the way we get root on our network. in our current system if an admin needs root access he just gets the root password and uses an su. some of our staff have decided that a sudo to "/bin/sh" will be easer. some of our staff think a sudo to "su -" will be better. I... (0 Replies)
Discussion started by: robsonde
0 Replies

4. AIX

sudo log and sudo auditing

Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run? sudo.log only contains sudo event, no activity logging. (3 Replies)
Discussion started by: jalite19
3 Replies

5. Shell Programming and Scripting

Any way to know beforehand if SUDO is (going to be) needed?

I'm using virtual file-system in /proc/ to print out 1) current working directory (CWD): ls /proc/$PID/cwd 2) command line*: cat /proc/$PID/cmdline and 3) # of open files: ls /proc/$PID/fdinfo | wc -l All above snippets are part of printfs. Now, some processes complain about SUDO... (1 Reply)
Discussion started by: courteous
1 Replies

6. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

7. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi All, I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing "sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies

8. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error. Command: sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh Error: sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies

9. UNIX for Advanced & Expert Users

Help needed in sudo access

I want to give root access to a user called denielr on server - tsprd01, but do not want to share root password. I have sudoers configured already. He should have all access equal to root. I made this entry in /etc/sudoers, but it is not working denielr tsprd01 =(root) NOPASSWD: ALL I tried to... (2 Replies)
Discussion started by: solaris_1977
2 Replies
All times are GMT -4. The time now is 10:54 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy