Help with sudo

[Neely]

I can't seem to figure out, how to allow a user to run a command thru sudo as another user without having to supply the password.<br>I think I'm confused about Runas_Alias ?<br><br>And if you know of any sudo sites other than <A HREF="

http://www.courtesan.com/sudo/"

TARGET="_new">

http://www.courtesan.com/sudo/</A>

for examples...<br><br><br>Thanks,

 

[AndyBo]

Take a look at the manual page for sudoers (<FONT FACE=monospace>man sudoers</font>) and look for the section on NOPASSWD.&nbsp;&nbsp;To quote:<br><br>NOPASSWD and PASSWD<br>&nbsp;&nbsp;&nbsp;&nbsp;By default, sudo requires that a user authenticate him or<br>&nbsp;&nbsp;&nbsp;&nbsp;herself before running a command.&nbsp;&nbsp;This behavior can be<br>&nbsp;&nbsp;&nbsp;&nbsp;modified via the NOPASSWD tag.<br><br>This should let you set up commands to run without entering a password.

 

[Neely]

I believe I understand about using NOPASSWD, it's that I need to have the user <font color=red>(userA)</font>, run a command to start and stop a program. This program only start's correctly when run by another user id <font color=red>(userB)</font>.<br>ei: userA runs&nbsp;&nbsp;&gt; <b>sudo programs_name</b><br>And when I check the components of the program running (ps -ef), they are all owned<br>by root and not userB.<br>I have also tried userA running &gt; <b>sudo -u userB program_name</b><br><br>Hope that made since.<br><br>Thanks,

 

[AndyBo]

I think I understand what you're trying to do a little better now &nbsp;&nbsp;I've knocked together a bit of a contrived example that should allow you to do what you want:-<br><FONT FACE=monospace><br>User_Alias&nbsp;&nbsp;ADMINS = adam, bob, chuck<br><br>Runas_Alias OP = des, earl, fred<br><br>Host_Alias&nbsp;&nbsp;SPARC = sun1, sun2, sun3<br><br>greg&nbsp;&nbsp;SPARC = (OP) NOPASSWD: /usr/local/bin/start_service,\<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;(OP) /usr/local/bin/stop_service<br></font><br>The User_Alias line says that whenever we use ADMINS in the sudoers file, we are talking about adam, bob, and chuck.&nbsp;&nbsp;<br><br>The Runas_Alias says that when we refer to OP we are referring to des, earl, and fred.<br><br>The Host_Alias sets up SPARC as referring to the servers sun1, sun2, and sun3.<br><br>The last entry is for the user &quot;greg&quot;.&nbsp;&nbsp;It says that on any of the SPARC boxes, he may run /usr/local/bin/start_service or /usr/local/bin/stop_service as any of the users des, earl, or fred.&nbsp;&nbsp;However, when starting the service greg wouldn't have to enter a password because the &quot;NOPASSWD&quot; flag is set.<br><br>Hope this helps.

 

[krint]

From the sudo home page:<br><br>NOPASSWD and PASSWD<br>By default, sudo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used to reverse things. For example: <br><br><br>&nbsp;ray&nbsp;&nbsp;&nbsp;&nbsp;rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm<br>would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm as root on the machine rushmore as root without authenticating himself. If we only want ray to be able to run /bin/kill without a password the entry would be: <br><br><br>&nbsp;ray&nbsp;&nbsp;&nbsp;&nbsp;rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm<br>