On 08/30/2016 05:08 PM, Ryan Whalen wrote:
Hi All,

Im having an issue getting a command to run properly, and the issue
seems to be with Freeipa sudo permissions. Specifically 'sudo su -
app_user -c "<command>"' prompts for a password when run.

However if I 'sudo su - app_user' and then run the '<command>' as
app_user, it works fine.

example:
```
$ ssh r...@production-server.pp
Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
ryan$ sudo su - app_user -c "df"
[sudo] password for ryan:
^C
ryan$ sudo su - app_user
app_user$ df
Filesystem           1K-blocks     Used Available Use% Mounted on
/dev/sda3             14845784  6667296   7417708  48% /
tmpfs                  1474228        0   1474228   0% /dev/shm
/dev/sda1               487652    81221    380831  18% /boot
10.51.0.34:/srv/nfs/app
                      287687168 69111040 218576128  25% /var/app
10.51.0.54:/srv/nfs/ipa
                       16377088  3728640  11809792  24% /home/ipa
ap_user$
```

I have a sudo rule that allows `/bin/su - app_user` and `/bin/su -
app_user -c` but I cant get the `-c` to work in a single command. I also
tried giving sudo permission to `/bin/bash` in case the `-c` needed it
to create a new shell for some reason, but it didn't work.

Does anyone have any thoughts on what permissions I might be missing to
allow the user to run `sudo su - app_user -c <command>`?

Thanks,
Ryan



Try to allow /bin/su - app_user -c '*'

If I understand you correctly, you want to allow user to run any command as app_user. You can do it also by creating a rule that allows to run any command and run it as app_user.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to