[Freeipa-users] Help with sudo permission for a command
Pavel Březina
pbrezina at redhat.com
Wed Aug 31 08:51:09 UTC 2016
On 08/30/2016 05:08 PM, Ryan Whalen wrote:
> Hi All,
>
> I'm having an issue getting a command to run properly, and the issue
> seems to be with Freeipa sudo permissions. Specifically 'sudo su -
> app_user -c "<command>"' prompts for a password when run.
>
> However if I 'sudo su - app_user' and then run the '<command>' as
> app_user, it works fine.
>
> example:
> ```
> $ ssh ryan@production-server.pp
> Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
> ryan$ sudo su - app_user -c "df"
> [sudo] password for ryan:
> ^C
> ryan$ sudo su - app_user
> app_user$ df
> Filesystem 1K-blocks Used Available Use% Mounted on
> /dev/sda3 14845784 6667296 7417708 48% /
> tmpfs 1474228 0 1474228 0% /dev/shm
> /dev/sda1 487652 81221 380831 18% /boot
> 10.51.0.34:/srv/nfs/app
> 287687168 69111040 218576128 25% /var/app
> 10.51.0.54:/srv/nfs/ipa
> 16377088 3728640 11809792 24% /home/ipa
> ap_user$
> ```
>
> I have a sudo rule that allows `/bin/su - app_user` and `/bin/su -
> app_user -c` but I can't get the `-c` to work in a single command. I also
> tried giving sudo permission to `/bin/bash` in case the `-c` needed it
> to create a new shell for some reason, but it didn't work.
>
> Does anyone have any thoughts on what permissions I might be missing to
> allow the user to run `sudo su - app_user -c <command>`?
>
> Thanks,
> Ryan
>
>
Try to allow `/bin/su - app_user -c '*'`

If I understand you correctly, you want to allow the user to run any command
as app_user. You can also do it by creating a rule that allows running
any command and runs it as app_user.
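
Why the original rule did not cover `-c "df"`, as an added example that is not part of the original thread: sudoers requires a rule's arguments to match the invoked arguments exactly, compared as one space-joined string, unless the rule contains wildcards. This is a simplified model of that matching, not sudo's code; the function names are hypothetical and the wildcard is written without shell quoting as an assumption.

```python
from fnmatch import fnmatchcase

# Simplified model of sudoers command matching. Assumptions: command paths
# are compared literally (no path wildcards), and digests and the regex
# rules of newer sudo versions are ignored.


def rule_matches(rule, path, argv):
    """Return True if the command spec `rule` permits running `path argv...`."""
    rule_path, _, rule_args = rule.partition(" ")
    if rule_path != path:
        return False
    if rule_args == "":
        return True              # rule lists no arguments: any arguments allowed
    if rule_args == '""':
        return not argv          # "" in the rule: only the bare command allowed
    # Arguments are matched as ONE concatenated string, so '*' also matches
    # spaces and '/', i.e. it crosses word boundaries.
    return fnmatchcase(" ".join(argv), rule_args)


def first_match(rules, path, argv):
    """Return the first rule that permits the invocation, or None."""
    for rule in rules:
        if rule_matches(rule, path, argv):
            return rule
    return None


# Constructed rule sets based on the commands named in the thread.
RULES_BEFORE = ["/bin/su - app_user", "/bin/su - app_user -c"]
RULES_AFTER = RULES_BEFORE + ["/bin/su - app_user -c *"]

if __name__ == "__main__":
    invocations = [
        ["-", "app_user"],                               # sudo su - app_user
        ["-", "app_user", "-c", "df"],                   # sudo su - app_user -c "df"
        ["-", "app_user", "-c", "df", "-h", "/var/app"], # extra words after -c
        ["-", "root", "-c", "df"],                       # different target user
    ]
    for argv in invocations:
        print(argv,
              "| before:", first_match(RULES_BEFORE, "/bin/su", argv),
              "| after:", first_match(RULES_AFTER, "/bin/su", argv))
```

The third invocation shows that `*` accepts everything that follows `-c`, including further words, so the wildcard rule grants any command line as app_user.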