any AIX'ers use SUDO?

[noober]

Hi all. I want to let some operators type folks spawn a shell session running as ROOT using sudo and that works fine by doing this:

sudo -u root -s

The problem I have is in getting roots .profile to run automatically (so I dont have to depend on the ops to do it, because they are knuckleheads)! I have tried writing a little script that does the sudo and then executes the .profile, but that does not work.

Anyone doing anything like this?

 

[bi]

What's the line that executes the .profile? Does it look like this:

. /.profile

Note the space between the first . and the /

 

[noober]

Trying to avoid depending on our operators to do that because if they do not, then some of the alias safe guards we have in roots .profile will not be loaded and sooner or later someone will cause a disater.

 

[bi]

Maybe I misunderstood your post. You said you had written a script. I'm suggesting that the script execute the .profile. Or is the entire script not working?

 

[noober]

Hers the script(s) I have tried - First try:
################
# goroot #
################
. /.profile
sudo -u root -s
################

This does execute .profile before executing the sudo, then of course requires the ops to enter there own password...at which point the -s spawns the rooty shell. Problem, that shell throws away the environment of the source user as well as that recently executed .profile!

So I tried:
################
# goroot #
################
sudo -u root -s
. /.profile
################

The above just executes sudo, forces the ops to enter their password and then spawns the shell. But, the .profile does not get executed until the ops exit out of the rooty shell, at which time it picks back up!

Appreciate any help!?!
-thanks

 

[bi]

My brain may be mush today, but:

Why not put the alias safeguards you are trying to preserve in /etc/profile so they are part of everyone's environment? Also, I'm not quite sure why you are using "-u root". The -u parameter is to specify a user other than root.

And I'm not quite sure why you are using -s. Is it a script owned and executable by root you want them to execute? If so, I would think you could set the required enviornment in the script and all they would have to do is type sudo /path/to/the/script. And then I don't think the -s would be needed either.

 

[noober]

Tried that...but when I sudo into a shell session it doesnt execute .profile

 

[bi]

why do you have to sudo into a new shell session? Why are you using the -s parameter?

 

[Chapter11]

agreed, I wouldn't use sudo in the way you're using it.

if you just want to give them a root shell, "sudo su -" is what I would (and do, although not for operators) use.

 

[bi]

Or create a script executable by root only to do what you want the operators to do and then have them type

sudo /usr/local/bin/roots_script.sh

 

[noober]

Thanks Chapter11 (smacking forehead) thats exactly what I need! I have just been trying to use sudo's environment and variable setup facility to do it and while sudo is a great tool, the documentation and examples do not seem to totally reflect reality.

 

[bi]

yes, that is the easy way, but it isn't very safe for people you say are knuckleheads.

 

[Chapter11]

my preferred method for giving operators root tasks is to give them their own userid with a lynx interface (as their login shell), so they *never* have access to a command prompt. options in the lynx menu run scripts that call sudo to do other scripts.

 

[noober]

Agreed bi, but I am working withen a framework I dont have complete authority over (yet) and so I have sneaky-sneaky installed some solid aliases for ROOT that will at least slow down these folks.

Thanks for the help guys!