Hi All,
Thanks to veryone who replied.
Pierre
Jason
Matthew
I have two scenario :
1) Two uers x and z. give the su permission to x for z user only. So that x can su only to z.
Add the following line in sudoers
X ALL = (root) /usr/bin/su � z
OR
Host_Alias MYSVR = myserver
Cmnd_Alias SU = /usr/bin/su - z
X MYSVR = (root) SU
x must use �-� with the command su. see the few lines of a mail which I received from Pierre
>su without - is useless in your case.
>It would be the same as: sudo -s z
>(which starts a shell with z1 ownership) su - z starts a shell and executes all the profiles (setting >the environment vars) of z but if you really want to have su without - , then you have to define it in sudoers:
> X ALL = (root) /bin/su - z, /bin/su z
> (root) is valid for both commands. Note that sudo >will only grant permissions for commands, which are >exactly match the definition in your sudoers file.
Now If you want user x should execute any the command as z then add following line
Defaults:x set_home,runas_default=z
x ALL = (z) ALL
x should then call: sudo or sudo �s
x can run ALL progs as z on ALL systems. (ie: sudo �u z /bin/ls )
This has the advantage of logging all actions.
Substituting the '-s' option give a shell as that user. (ie: sudo -u z -s )
Adding the '-H' option also sets HOME to z's home directory. (ie: sudo -u z -s -H)
2) If there are a two groups x and y. In x group i have three users u1, u2, u3 In y group i have five users z1, z2, z3, z4, z5. Now in this case any user of x gruoup shoud be able su any member of group y.
Add following lines in sudoers file.
# User aliases
User_Alias X = u1,u2,u3
# Runas alias specification
User_Alias y = z1, z2, z3, z4, z5
# Host aliases
Host_Alias MYSVR = myserver
# Command aliases
Cmnd_Alias SU=/usr/bin/su - z1, /usr/bin/su - z2, /usr/bin/su - z3,....
OR
Cmnd_Alias SU=/usr/bin/su � z*
# Override builtin defaults
Defaults:X set_home,runas_default=y
OR
Defaults:X !aunthenticate
# User specifications
X MYSVR=(root) SU
Once again Thanks for giving your time.
Regards,
Vijay
Original Post:
I am using Solaris 2.6. Installed Sudoers version 1.6.3p7. I have two users x and y. Now I want to give su permission to x user for only y user. So x should su only to y.
So I added following line in suoders
x ALL = /usr/bin/su y
But that didn't worked. Still it gives me following error
Sorry x is not allowed to execute "/usr/bin/su y " as root on Server.
Yahoo! - Official partner of 2002 FIFA World Cup
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Wed May 29 09:18:44 2002