Then I try to run the compile commands using sudo -u. And it fails.
I'm not an experienced bash user. But I realized that some environment variables don't come from anotheruser but from the login user that starts the command sudo -u. So when I run (as login user)
the id of the login user is returned and not the id of anotheruser. Why?
Any hints are welcome. Kind regards.
You should be using code tags to separate the code fragments from the rest of your post.
The problem is you are doing:
which is a completely superfluous use of echo in this case. It looks to me as though the part in back-ticks (`id -u`) is being processed by the parent shell before being sent to the sudo sub-process. Try
instead.
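Added example, not code from either post: the reply's point about the parent shell expanding the back-ticks, shown with a child `sh -c` that is given a different `WHO` variable as a stand-in for the process `sudo -u anotheruser` would start. The variable `WHO` and the function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: a child `sh -c` started with a different WHO value stands in
# for the process `sudo -u anotheruser` would start, so no sudo is needed to run it.
WHO=login_user
export WHO

# Double quotes: the calling shell runs the back-ticks first and the child
# only ever receives the finished string "echo login_user".
expanded_by_parent() {
    env WHO=anotheruser sh -c "echo `printenv WHO`"
}

# Single quotes: the text reaches the child untouched and the child's shell
# runs the back-ticks in its own environment.
expanded_by_child() {
    env WHO=anotheruser sh -c 'echo `printenv WHO`'
}

# Print the command string exactly as the child receives it.
string_seen_by_child() {
    env WHO=anotheruser sh -c 'printf "%s\n" "$1"' _ "$1"
}

echo "parent expands: $(expanded_by_parent)"
echo "child expands:  $(expanded_by_child)"
string_seen_by_child "echo `printenv WHO`"
string_seen_by_child 'echo `printenv WHO`'
```

With real sudo the same rule applies: `sudo -u anotheruser sh -c 'id -u'` or plain `sudo -u anotheruser id -u` reports the target user's id, because nothing is left for the calling shell to expand.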
LEARN ABOUT CENTOS
sssd-sudo
SSSD-SUDO(5) File Formats and Conventions SSSD-SUDO(5)
NAME
sssd-sudo - Configuring sudo with the SSSD back end
DESCRIPTION
This manual page describes how to configure sudo(8) to work with sssd(8) and how SSSD caches sudo rules.
CONFIGURING SUDO TO COOPERATE WITH SSSD
To enable SSSD as a source for sudo rules, add sss to the sudoers entry in nsswitch.conf(5).
For example, to configure sudo to first look up rules in the standard sudoers(5) file (which should contain rules that apply to local users)
and then in SSSD, the nsswitch.conf file should contain the following line:
sudoers: files sss
More information about configuring the sudoers search order from the nsswitch.conf file as well as information about the LDAP schema that
is used to store sudo rules in the directory can be found in sudoers.ldap(5).
Note: in order to use netgroups or IPA hostgroups in sudo rules, you also need to correctly set nisdomainname(1) to your NIS domain name
(which equals the IPA domain name when using hostgroups).
CONFIGURING SSSD TO FETCH SUDO RULES
The only configuration needed on the SSSD side is to add "sudo" to the list of services in the [sssd] section of sssd.conf(5). To speed up
the LDAP lookups, you can also set the search base for sudo rules using the ldap_sudo_search_base option.
The following example shows how to configure SSSD to download sudo rules from an LDAP server.
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = EXAMPLE
[domain/EXAMPLE]
id_provider = ldap
sudo_provider = ldap
ldap_uri = ldap://example.com
ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
When the SSSD is configured to use IPA as the ID provider, the sudo provider is automatically enabled. The sudo search base is configured
to use the compat tree (ou=sudoers,$DC).
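Added example, not part of the manual page or of SSSD: a check that both settings described above are present, namely "sss" on the sudoers line of an nsswitch.conf-style file and "sudo" in the services list of the [sssd] section. The function names and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify the two settings the manual page requires.
# File paths are parameters; the sample files below are constructed.

# Succeeds if the "sudoers:" line of an nsswitch.conf-style file lists "sss".
nsswitch_has_sss() {
    awk '
        { sub(/#.*/, "") }    # drop comments before looking at fields
        $1 == "sudoers:" { for (i = 2; i <= NF; i++) if ($i == "sss") found = 1 }
        END { exit !found }' "$1"
}

# Succeeds if "services" inside [sssd] (and only there) lists "sudo".
sssd_serves_sudo() {
    awk '
        /^[ \t]*\[/ { in_sssd = ($0 ~ /^[ \t]*\[sssd\][ \t]*$/); next }
        in_sssd && /^[ \t]*services[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, svc, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", svc[i])
                if (svc[i] == "sudo") found = 1
            }
        }
        END { exit !found }' "$1"
}

# Constructed sample files: one correct and one incomplete of each kind.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'passwd: files sss\nsudoers: files sss\n' > "$demo_dir/nsswitch.ok"
printf 'passwd: files sss\nsudoers: files # sss\n' > "$demo_dir/nsswitch.bad"
printf '[sssd]\nservices = nss, pam, sudo\ndomains = EXAMPLE\n' > "$demo_dir/sssd.ok"
printf '[sssd]\nservices = nss, pam\n[domain/EXAMPLE]\nsudo_provider = ldap\n' \
    > "$demo_dir/sssd.bad"

for f in nsswitch.ok nsswitch.bad; do
    if nsswitch_has_sss "$demo_dir/$f"; then echo "$f: sudoers uses sss"
    else echo "$f: sudoers does not use sss"; fi
done
for f in sssd.ok sssd.bad; do
    if sssd_serves_sudo "$demo_dir/$f"; then echo "$f: sudo service enabled"
    else echo "$f: sudo service missing from [sssd] services"; fi
done
```

On a live system the real sssd.conf is normally readable by root only, so the second check has to run with root privileges.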
THE SUDO RULE CACHING MECHANISM
The biggest challenge in developing sudo support in SSSD was to ensure that running sudo with SSSD as the data source provides the same
user experience and is as fast as sudo, while still providing the most current set of rules possible. To satisfy these requirements, SSSD
uses three kinds of updates. They are referred to as full refresh, smart refresh and rules refresh.
The smart refresh periodically downloads rules that are new or were modified after the last update. Its primary goal is to keep the
database growing by fetching only small increments that do not generate large amounts of network traffic.
The full refresh simply deletes all sudo rules stored in the cache and replaces them with all rules that are stored on the server. This is
used to keep the cache consistent by removing every rule which was deleted from the server. However, full refresh may produce a lot of
traffic and thus it should be run only occasionally depending on the size and stability of the sudo rules.
The rules refresh ensures that we do not grant the user more permission than defined. It is triggered each time the user runs sudo. Rules
refresh will find all rules that apply to this user, check their expiration time and redownload them if expired. In the case that any of
these rules are missing on the server, the SSSD will do an out of band full refresh because more rules (that apply to other users) may have
been deleted.
If enabled, SSSD will store only rules that can be applied to this machine. This means rules that contain one of the following values in
sudoHost attribute:
o keyword ALL
o wildcard
o netgroup (in the form "+netgroup")
o hostname or fully qualified domain name of this machine
o one of the IP addresses of this machine
o one of the IP addresses of the network (in the form "address/mask")
There are many configuration options that can be used to adjust the behavior. Please refer to "ldap_sudo_*" in sssd-ldap(5) and "sudo_*" in
sssd.conf(5).
SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5), sss_cache(8), sss_debuglevel(8),
sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8),
sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), pam_sss(8).
AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd
SSSD 06/17/2014 SSSD-SUDO(5)