Sudoers in complex scenario


 
# 1  
Old 08-16-2013

Hi Unix experts. I've got quite a complex sudoers scenario that I want to achieve. Hope someone could help.

Here's the setup:

3 linux servers: "server1", "server2" and "server3".
3 users: "user1", "user2" and "user3"
3 services running on 3 servers: "apache", "squid" and "sendmail"

Now here's what I want to achieve:

I want the 3 users to switch user to "apache_admin", "squid_admin" and "sendmail_admin".

The switch user is only allowed on the 3 Linux servers. The sudoers file is being distributed to all servers, and those servers are not listed above.

Once the user successfully switches user to "apache_admin" or "squid_admin" or "sendmail_admin", then he can restart the apache start/stop script or squid start/stop script and sendmail.

Anyone got a good approach to achieve this?

Thanks a lot.
# 2  
Old 08-16-2013
This may help point you in the right direction:

Code:
Create a group for these users and add them to it:
i.e.
wwwadmins = user1,user2,user3

In the /etc/sudoers file add the following entries.

Give the group permissions to run commands as specific users (using apache
as an example):

Require Password
%wwwadmins ALL=(apache_admin) /usr/sbin/apachectl

Password-less
%wwwadmins ALL=(apache_admin) NOPASSWD: /usr/sbin/apachectl

Save the file. 

To verify run:

sudo -l
User user1 may run the following commands on this host:
    (apache_admin) /usr/sbin/apachectl

Then to run the command:

sudo -u apache_admin /usr/sbin/apachectl

Hope this helps.
# 3  
Old 08-17-2013
Hi in2nix4life, thanks a lot for the very good example on how to achieve my goal.

I have a few questions that I would like to ask. Would it be possible if I don't create a group but instead use the User_Alias and add users into it?

I also want the users to only execute the command on 3 servers. I have 20 servers in all and the sudoers file is being distributed to all. How would I achieve that? Would it be possible to use Host_Alias?

Would this work?

Code:
User_Alias WWWADMINS = user1, user2, user3
Host_Alias SERVERS = server1, server2, server3

WWWADMINS SERVERS=(apache_admin) /usr/sbin/apachectl
WWWADMINS SERVERS=(apache_admin) NOPASSWD: /usr/sbin/apachectl


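Added example (not part of the original posts): a simplified Python model of how sudoers evaluates the User_Alias/Host_Alias rules proposed above, including the last-match-wins behaviour when both a password line and a NOPASSWD line match. The squid_admin rule, its /usr/sbin/squid path and the host name server7 are assumptions; real sudo compares Host_Alias members against the machine's own hostname.

```python
import re

# Constructed sudoers text: the aliases and apache rules proposed in the thread,
# plus an assumed squid_admin rule with an assumed command path.
SUDOERS = """
User_Alias WWWADMINS = user1, user2, user3
Host_Alias SERVERS = server1, server2, server3
WWWADMINS SERVERS=(apache_admin) /usr/sbin/apachectl
WWWADMINS SERVERS=(apache_admin) NOPASSWD: /usr/sbin/apachectl
WWWADMINS SERVERS=(squid_admin) /usr/sbin/squid
"""

def parse(text):
    """Split simplified sudoers text into alias sets and an ordered rule list."""
    aliases, rules = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"(?:User|Host)_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = {x.strip() for x in m.group(2).split(",")}
            continue
        m = re.match(r"(\S+)\s+(\S+?)\s*=\s*\((\w+)\)\s*(NOPASSWD:)?\s*(\S+)", line)
        if m:
            rules.append(m.groups())
    return aliases, rules

def member(name, item, aliases):
    """True if item is ALL, equals name, or is an alias that contains name."""
    return item == "ALL" or item == name or name in aliases.get(item, ())

def check(user, host, runas, cmd, text=SUDOERS):
    """Return None (denied), 'PASSWD' or 'NOPASSWD'; the last matching rule wins."""
    aliases, rules = parse(text)
    verdict = None
    for who, where, as_user, tag, path in rules:
        if (member(user, who, aliases) and member(host, where, aliases)
                and as_user == runas and path == cmd):
            verdict = "NOPASSWD" if tag else "PASSWD"
    return verdict

if __name__ == "__main__":
    # server7 stands for one of the other hosts that receive the same file.
    for host in ("server1", "server7"):
        print(host, check("user1", host, "apache_admin", "/usr/sbin/apachectl"))
```

Because the rules name the bare path /usr/sbin/apachectl, sudo accepts any arguments to it; listing the exact arguments in the rule narrows what the service admins can run.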