[Freeipa-users] Help with sudo permission for a command
Ryan Whalen
rwhalen at paperlesspost.com
Tue Aug 30 15:08:09 UTC 2016
Hi All,
Im having an issue getting a command to run properly, and the issue seems
to be with Freeipa sudo permissions. Specifically 'sudo su - app_user -c
"<command>"' prompts for a password when run.
However if I 'sudo su - app_user' and then run the '<command>' as app_user,
it works fine.
example:
```
$ ssh ryan at production-server.pp
Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
ryan$ sudo su - app_user -c "df"
[sudo] password for ryan:
^C
ryan$ sudo su - app_user
app_user$ df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda3 14845784 6667296 7417708 48% /
tmpfs 1474228 0 1474228 0% /dev/shm
/dev/sda1 487652 81221 380831 18% /boot
10.51.0.34:/srv/nfs/app
287687168 69111040 218576128 25% /var/app
10.51.0.54:/srv/nfs/ipa
16377088 3728640 11809792 24% /home/ipa
ap_user$
```
I have a sudo rule that allows `/bin/su - app_user` and `/bin/su - app_user
-c` but I cant get the `-c` to work in a single command. I also tried
giving sudo permission to `/bin/bash` in case the `-c` needed it to create
a new shell for some reason, but it didn't work.
Does anyone have any thoughts on what permissions I might be missing to
allow the user to run `sudo su - app_user -c <command>`?
Thanks,
Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160830/d1e34887/attachment.htm>
More information about the Freeipa-users
mailing list