Test 1:
[vendor]$ /usr/local/bin/sudo -u app /u01/app/oracle/product/10.2.0/db_1/bin/sqlplus
sudo: /u01/app/oracle/product/10.2.0/db_1/bin/sqlplus: command not found
It failed.
Test 2:
In APP, I created a shell script sql.sh and kept "/u01/app/oracle/product/10.2.0/db_1/bin/sqlplus" inside that:
[vendor]$ /usr/local/bin/sudo -u app /export/home/app/sql.sh
cannot access parent directories
SQL*Plus: Release 10.2.0.4.0 - Production on Wed Jun 17 12:12:02 2009
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Enter user-name:
It ran.
Test 3:
In APP I created a symbolic link to "/u01/app/oracle/product/10.2.0/db_1/bin/sqlplus":
[app]$ ls -l sq
lrwxrwxrwx 1 app work 47 Jun 17 11:36 sq -> /u01/app/oracle/product/10.2.0/db_1/bin/sqlplus
[vendor]$ /usr/local/bin/sudo -u app /export/home/app/sq
sudo: /export/home/app/sq: command not found
It failed.
[app]$ file /u01/app/oracle/product/10.2.0/db_1/bin/sqlplus
/u01/app/oracle/product/10.2.0/db_1/bin/sqlplus: ELF 64-bit MSB executable SPARCV9 Version 1, dynamically linked, not stripped
Is there any way I can make Test 1 and Test 3 work?
Why does it work inside a shell script and not when executed directly?
sudo does not set secondary groups, only the primary group. You can change which group it uses with the -g option. Getting all the groups is tough. Maybe this will do it...
sudo -u app su - app -c /u01/app/oracle/product/10.2.0/db_1/bin/sqlplus
I did another test.
Inside APP's home dir, I created a dir called wrk, changed the ownership to oracle:oinstall and, using ACL, granted privs to APP on this dir:
ls -ld wrk/
drwxr-x---+ 2 oracle oinstall 512 Jun 17 16:42 wrk/
The sqlplus is also with the same permission and group setting. I set ACL for this $ORACLE_HOME/bin dir for APP and tried the same from vendor and it failed saying the good old
[vendor]/usr/local/bin/sudo -u app /u01/app/oracle/product/10.2.0/db_1/bin/sqlplus
sudo: /u01/app/oracle/product/10.2.0/db_1/bin/sqlplus: command not found
[vendor]
I have heard that Solaris ACL would not work on NFS Ver 3.
This /u01 is mounted using NFS V3 and /export/home is local disk.
This could be the reason why it works here and not there.
First, ACLs are supported with NFSv3, but if the filesystem type being exported is ZFS, you're out of luck. You'll need NFSv4. Check out the following page for some details.
The issue you're seeing in your test is due to the read bit not being set for world and the user (app) not having oinstall as the primary group. As mentioned by Perderabo, you can use the -g option to select the group. So, try this:
With Solaris 10, you might also want to look at using roles and pfexec. There are many new features in Solaris that can take the place of sudo. (RBAC, Projects, etc.) If you need to do the same thing on multiple OSes then sudo may be the better way though. You can put sudo on an NFS automount and use the same sudoers throughout your network.
One comment on the sudoers configuration, if you're trying for security, you might want to restrict what commands the user is allowed to execute and definitely don't allow starting a new shell.
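Added example, not part of the thread: the replies trace the "command not found" errors to the target user's permissions along the path to sqlplus. The function below (first_blocked is a hypothetical name) walks an absolute path and reports the first component the calling user cannot use, so it is meant to be run as the sudo target user (app in the thread).

```shell
#!/bin/sh
# first_blocked ABSOLUTE_PATH
# Walks the path from / downward and prints the first component that the
# *calling* user cannot use:
#   - a component that does not exist (or is hidden by a blocked parent),
#   - a directory without search (x) permission,
#   - a final file without execute permission.
# Prints nothing and returns 0 when every component is usable.
# Symbolic links are followed, as they are when a command is executed.
first_blocked() {
    target=$1
    case $target in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    cur=""
    rest=${target#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}                     # next path component
        case $rest in
            */*) rest=${rest#*/} ;;          # drop it from the remainder
            *)   rest="" ;;
        esac
        [ -z "$part" ] && continue           # skip empty parts from "//"
        cur="$cur/$part"
        if [ ! -e "$cur" ]; then
            echo "missing: $cur"; return 1
        elif [ -d "$cur" ]; then
            [ -x "$cur" ] || { echo "no search permission: $cur"; return 1; }
        else
            [ -x "$cur" ] || { echo "not executable: $cur"; return 1; }
        fi
    done
    return 0
}

# Command-line use: sh this_script /path/to/binary
if [ $# -gt 0 ]; then
    first_blocked "$1"
fi
```

The test operators reflect the effective permissions of whoever runs the script, including group membership and any ACL entries the filesystem honours, so a result obtained as root or as a different user says nothing about app.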