On 08/30/2016 05:08 PM, Ryan Whalen wrote:
Hi All,

Im having an issue getting a command to run properly, and the issue
seems to be with Freeipa sudo permissions. Specifically 'sudo su -
app_user -c "<command>"' prompts for a password when run.

However if I 'sudo su - app_user' and then run the '<command>' as
app_user, it works fine.

$ ssh r...@production-server.pp
Last login: Mon Aug 29 21:36:14 2016 from
ryan$ sudo su - app_user -c "df"
[sudo] password for ryan:
ryan$ sudo su - app_user
app_user$ df
Filesystem           1K-blocks     Used Available Use% Mounted on
/dev/sda3             14845784  6667296   7417708  48% /
tmpfs                  1474228        0   1474228   0% /dev/shm
/dev/sda1               487652    81221    380831  18% /boot
                      287687168 69111040 218576128  25% /var/app
                       16377088  3728640  11809792  24% /home/ipa

I have a sudo rule that allows `/bin/su - app_user` and `/bin/su -
app_user -c` but I cant get the `-c` to work in a single command. I also
tried giving sudo permission to `/bin/bash` in case the `-c` needed it
to create a new shell for some reason, but it didn't work.

Does anyone have any thoughts on what permissions I might be missing to
allow the user to run `sudo su - app_user -c <command>`?


Try to allow /bin/su - app_user -c '*'

If I understand you correctly, you want to allow user to run any command as app_user. You can do it also by creating a rule that allows to run any command and run it as app_user.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to