Thanks for the reply! It's not exactly that I want to allow any command to
be run as app_user. The command I actually want to run is very long, and
complicated and wouldn't mean much in this context, so I simplified my
example. The problem is that *any command* I run will fail, whether or not
they already have the permissions to run said command.
The exact command that I want to run *will work* if I `sudo su - app_user`
and then run the command in the new shell for `app_user`. It *won't work* if
I try to run `sudo su - app_user -c <command>`. So the user has the
permissions to run the command. It just won't work with the `-c` option.
So that's where I'm stuck. From my perspective they should have all the
permissions that they need. They have sudo privileges to `sudo su -
app_user -c` as well as the specific command that I want to be run.
On Wed, Aug 31, 2016 at 4:51 AM, Pavel Březina <pbrez...@redhat.com> wrote:
> On 08/30/2016 05:08 PM, Ryan Whalen wrote:
>> Hi All,
>> I'm having an issue getting a command to run properly, and the issue
>> seems to be with FreeIPA sudo permissions. Specifically 'sudo su -
>> app_user -c "<command>"' prompts for a password when run.
>> However if I 'sudo su - app_user' and then run the '<command>' as
>> app_user, it works fine.
>> $ ssh r...@production-server.pp
>> Last login: Mon Aug 29 21:36:14 2016 from 10.20.3.15
>> ryan$ sudo su - app_user -c "df"
>> [sudo] password for ryan:
>> ryan$ sudo su - app_user
>> app_user$ df
>> Filesystem 1K-blocks Used Available Use% Mounted on
>> /dev/sda3 14845784 6667296 7417708 48% /
>> tmpfs 1474228 0 1474228 0% /dev/shm
>> /dev/sda1 487652 81221 380831 18% /boot
>> 287687168 69111040 218576128 25% /var/app
>> 16377088 3728640 11809792 24% /home/ipa
>> I have a sudo rule that allows `/bin/su - app_user` and `/bin/su -
>> app_user -c` but I can't get the `-c` to work in a single command. I also
>> tried giving sudo permission to `/bin/bash` in case the `-c` needed it
>> to create a new shell for some reason, but it didn't work.
>> Does anyone have any thoughts on what permissions I might be missing to
>> allow the user to run `sudo su - app_user -c <command>`?
> Try to allow /bin/su - app_user -c '*'
> If I understand you correctly, you want to allow user to run any command
> as app_user. You can do it also by creating a rule that allows to run any
> command and run it as app_user.
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
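Added example, not part of the original thread: a simplified Python model of how sudoers matches a rule's command-line arguments (when a rule lists arguments, they are compared as one space-joined string against what the user typed, with shell-style wildcards). It shows why the two rules quoted above do not cover `su - app_user -c df` while a `-c *` form of the suggested wildcard rule does; the function names and the fnmatch-based matching are assumptions of this sketch, not sudo's or FreeIPA's code.

```python
from fnmatch import fnmatchcase


def parse_cmnd(spec):
    """Split a sudoers-style command spec into (path, argument pattern or None)."""
    path, _, args = spec.partition(" ")
    return path, (args if args else None)


def cmnd_matches(spec, argv):
    """Return True if argv (resolved command path first) is covered by spec."""
    path, pattern = parse_cmnd(spec)
    if not fnmatchcase(argv[0], path):
        return False
    if pattern is None:
        # Rule lists no arguments: the command may be run with any arguments.
        return True
    given = " ".join(argv[1:])
    if pattern == '""':
        # Explicit empty string: the command may only be run without arguments.
        return given == ""
    # Arguments are matched as a single string, so '*' also crosses spaces.
    return fnmatchcase(given, pattern)


def first_match(rules, argv):
    """Return the first rule that covers argv, or None if no rule does."""
    for spec in rules:
        if cmnd_matches(spec, argv):
            return spec
    return None


# The two rules described in the original post.
ORIGINAL_RULES = ["/bin/su - app_user", "/bin/su - app_user -c"]
# The wildcard form from the reply, written here without quotes (assumption).
WILDCARD_RULE = "/bin/su - app_user -c *"

if __name__ == "__main__":
    attempts = [
        ["/bin/su", "-", "app_user"],
        ["/bin/su", "-", "app_user", "-c", "df"],
        ["/bin/su", "-", "app_user", "-c", "df -h /var/app"],
    ]
    for argv in attempts:
        print(argv, "->", first_match(ORIGINAL_RULES, argv),
              "| with wildcard:", first_match(ORIGINAL_RULES + [WILDCARD_RULE], argv))
```

Because `*` matches across word boundaries, the wildcard rule covers every command string passed to `-c`, which is the same grant as a rule that lets the user run any command as app_user.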