[Freeipa-users] Managing jboss through sudo
William Muriithi
william.muriithi at gmail.com
Thu Jan 17 00:30:10 UTC 2013
Hello
I am trying to set up dev systems and want to only allow developers to
modify the jboss directory tree, shutdown and restarting jboss. This
is mainly so that they dev system don't deviate from the qa and
production machines.
The directory permissions are fine, but I am having a problem with
stopping and restarting jboss. (We are running jboss on port 80, so
they would need root permission for it to bind on port 80). My other
problem is that the jboss directory path is not the same across
servers.
The directory path is something like this:
/opt/xyz/application/jboss/bin/ Where xyz is the different for every server.
So to restart jboss, I would do the following:
cd /opt/xyz/application/jboss-4.2.3.GA/bin/
sudo ./shutdown -S
sudo nohup ./run.sh -b 0.0.0.0 > /dev/null 2>&1 &
These is what I get when I run the command below from a test account
with same permission as the developers account.
sudo -l
User taccount may run the following commands on this host:
(root, %developers) ./shutdown.sh -S, nohup ./run.sh -b 0.0.0.0 >
/dev/null 2>&1 &
However, if I try to run either of the two commands, I get an error
that the account is not allowed to run this command
[taccount at dev4-yyz-int bin]$ pwd
/opt/xyz/application/jboss/bin
[taccount at dev4-yyz-int bin]$ sudo ./shutdown.sh -S
Sorry, user taccount is not allowed to execute './shutdown.sh -S' as
root on dev4-yyz-int.example.com.
[taccount at dev4-yyz-int bin]$ hostname
dev4-yyz-int.example.com
What am I missing? Or how would you go about it?
For your information, I can restart it using sudo under another
account with full permission
sudo -l
User williamm may run the following commands on this host:
(root) ALL
Thanks for assistance
Regards.
William
More information about the Freeipa-users
mailing list