On 08/30/2016 05:08 PM, Ryan Whalen wrote:
Im having an issue getting a command to run properly, and the issue
seems to be with Freeipa sudo permissions. Specifically 'sudo su -
app_user -c "<command>"' prompts for a password when run.
However if I 'sudo su - app_user' and then run the '<command>' as
app_user, it works fine.
$ ssh r...@production-server.pp
Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
ryan$ sudo su - app_user -c "df"
[sudo] password for ryan:
ryan$ sudo su - app_user
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda3 14845784 6667296 7417708 48% /
tmpfs 1474228 0 1474228 0% /dev/shm
/dev/sda1 487652 81221 380831 18% /boot
287687168 69111040 218576128 25% /var/app
16377088 3728640 11809792 24% /home/ipa
I have a sudo rule that allows `/bin/su - app_user` and `/bin/su -
app_user -c` but I cant get the `-c` to work in a single command. I also
tried giving sudo permission to `/bin/bash` in case the `-c` needed it
to create a new shell for some reason, but it didn't work.
Does anyone have any thoughts on what permissions I might be missing to
allow the user to run `sudo su - app_user -c <command>`?
Try to allow /bin/su - app_user -c '*'
If I understand you correctly, you want to allow user to run any command
as app_user. You can do it also by creating a rule that allows to run
any command and run it as app_user.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project