UNIX for Advanced & Expert Users

I've been asked to provide access to my system for another group of individuals to perform WebSphere and Portal tasks (stop/start specifically). I run both as root (we can debate this one later) and so know I have to figure out a way for these individuals to start and stop WebSphere and Portal as themselves. If they type stopServer blah blah blah, I see error writing to the log files. I could just make the logs directory 777 and be done with it but I'm not sure what else will break along the way.

I added them to my sudoers file as such:

# Runas alias specification
Runas_Alias WAS = root

# Cmnd alias specification
Cmnd_Alias BIGCMDS = /usr/sbin/*, /usr/local/sbin/*, \
/usr/bin/*sh, /etc/*, \
Cmnd_Alias SECURITY = /usr/bin/passwd, /usr/bin/su, \
/usr/sbin/vipw
Cmnd_Alias WPS = /usr/local/WASscripts/*

# User privilege specification

root ALL = (ALL) ALL
%sysadms ALL = (ALL) ALL
%opsids ALL = (ALL) ALL
%devids ALL = (ALL) ALL,!SECURITY
%waswps ALL = (WAS) WPS,!SECURITY

but when they try to run a script to stop and start WebSphere, they get
Sorry, user <x> is not allowed to execute './stopwas' as root on <server>.

My file permissions on the scripts are 755. What am I missing in my config file?

Thanks

Just a coiple of quick questions....

Does the userid belong to the group "waswps" in /etc/group?
Does the script "stopwas" check to see if the userid is "root" before it executes the stop command?

Yes the user ID belongs to the group "waswps". The script does not perform any checking for who you are or who you are running as. It's a simple ./stopServer WebSphere_Portal -username <adminid> -password <pwd>.

The purpose behind the script was to avoid having to distribute the admin Id and password to everyone

Can you try out this one ?.

sudo ./stopServer WebSphere_Portal -username <adminid> -password <pwd>.

That is just prefix the sudo before the command you want to execute. Hope this should work. If it is not working please do let me know what is the error you are getting.