To further explain -- you would normally use an alias in sudoers to point to a list of commands ...

Cmnd_Alias OPCMDS = /opt/scripts/cmsshutdown.sh, /sbin/shutdown -h now, /sbin/shutdown -r now

Then use that alias throughout the sudoers file:

oper1 ALL=OPCMDS

Scott Rohling

On Thu, Sep 25, 2008 at 9:33 AM, Scott Rohling <[EMAIL PROTECTED]> wrote:

> Ah - well - the alias isn't for the 'sudo' command itself -- it's just for
> sudoers... The alias will resolve into the list of commands -- you don't
> actually get to use it on the command line. It's just a vehicle to help
> you code sudoers more efficiently - not to provide an alias when you issue
> commands. Make sense?
>
> Scott Rohling
>
> On Thu, Sep 25, 2008 at 9:22 AM, LJ Mace <[EMAIL PROTECTED]> wrote:
>
>> But when I sudo SHUTL2 I get:
>> sudo: SHUTL2: command not found
>> Mace
>>
>> --- On Thu, 9/25/08, Scott Rohling <[EMAIL PROTECTED]> wrote:
>>
>> > From: Scott Rohling <[EMAIL PROTECTED]>
>> > Subject: Re: question about sudo
>> > To: [email protected]
>> > Date: Thursday, September 25, 2008, 11:06 AM
>> >
>> > Isn't that what you want to see? The resolution of all the aliases and the
>> > final result? That's what I'd want to see - sanity check to make sure the
>> > aliases are resolving... And in this case it looks like SHUTL2 is
>> > resolving but CMSDOWN is not..
>> >
>> > Scott Rohling
>> >
>> > (resending -- for some reason my reply just went directly to ljmace the
>> > first time)
>> >
>> > On Thu, Sep 25, 2008 at 8:53 AM, LJ Mace <[EMAIL PROTECTED]> wrote:
>> >
>> > > (rant on) I am trying to protect the system from an incompetent manager
>> > > making a bad decision about an operator (rant off).
>> > > Anyway, so the operator doesn't have to log into root I'm trying to setup
>> > > sudo to perform several commands.
>> > > To shorten the keying I have setup cmnd alias, but when I try to execute
>> > > the alias I get command not found.
>> > > So here is my sudo file:
>> > >
>> > > Host_Alias IMAGE1 = xx.xx.xx.xxx
>> > > # User alias specification
>> > > User_Alias IMAGEUSR1= oper1
>> > > # Cmnd alias specification
>> > > Cmnd_Alias SHUTL2 = /sbin/shutdown -r 0
>> > > Cmnd_Alias CMSDOWN = /opt/scripts/cmsshutdown.sh
>> > > # Defaults specification
>> > > Defaults targetpw,insults # ask for the password of the target user i.e. root
>> > > %users ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'!
>> > >
>> > > # User privilege specification
>> > > # You should not use sudo as root in an SELinux environment
>> > > # If you use SELinux, remove the following line
>> > > root ALL=(ALL) ALL
>> > > oper1 ALL=/sbin/shutdown -h now,!/usr/bin/passwd root, !/bin/rm, \
>> > > SHUTL2, CMSDOWN
>> > > # Uncomment to allow people in group wheel to run all commands
>> > > # %wheel ALL=(ALL) ALL
>> > >
>> > > # Same thing without a password
>> > > # %wheel ALL=(ALL) NOPASSWD: ALL
>> > >
>> > > I've done the sudo -K to bring in the changes but when I do a
>> > > sudo -l I get:
>> > >
>> > > User oper1 may run the following commands on this host:
>> > > (ALL) ALL
>> > > (root) /sbin/shutdown -h now
>> > > (root) !/usr/bin/passwd root
>> > > (root) !/bin/rm
>> > > (root) /sbin/shutdown -r 0
>> > >
>> > > Why is it showing the commands and not the alias?
>> > > thanks
>> > > Mace
>> > >
>> > > ----------------------------------------------------------------------
>> > > For LINUX-390 subscribe / signoff / archive access instructions,
>> > > send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
>> > > http://www.marist.edu/htbin/wlvindex?LINUX-390
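
A simplified model of the alias resolution discussed in this thread, as an added example that is not part of the original messages: it expands Cmnd_Alias names in a user's command list into the commands they stand for and reports any referenced alias that has no definition. The sample sudoers text is constructed (NOSUCH is a deliberately undefined alias), and only Cmnd_Alias lines and plain "user host = commands" rules are handled, not the full sudoers grammar.

```python
import re

# Constructed sample, modelled on the sudoers file quoted in the thread.
# NOSUCH is added here on purpose to show an alias with no definition.
SAMPLE = r"""
Cmnd_Alias SHUTL2 = /sbin/shutdown -r 0
Cmnd_Alias CMSDOWN = /opt/scripts/cmsshutdown.sh
oper1 ALL=/sbin/shutdown -h now, !/bin/rm, \
      SHUTL2, CMSDOWN, NOSUCH
"""

# sudoers alias names: uppercase letter, then uppercase letters, digits, underscores
ALIAS_NAME = re.compile(r"^[A-Z][A-Z0-9_]*$")
NOT_RULES = ("Defaults", "Host_Alias", "User_Alias", "Runas_Alias")

def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def parse(text):
    """Return (aliases, rules): alias name -> commands, user -> listed items."""
    aliases, rules = {}, {}
    for line in logical_lines(text):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
        elif "=" in line and not line.startswith(NOT_RULES):
            who_host, cmds = line.split("=", 1)
            user = who_host.split()[0]
            rules.setdefault(user, []).extend(c.strip() for c in cmds.split(","))
    return aliases, rules

def expand(user, text):
    """Replace alias names in a user's rule with the commands they resolve to."""
    aliases, rules = parse(text)
    resolved, undefined = [], []
    for item in rules.get(user, []):
        neg = "!" if item.startswith("!") else ""
        name = item.lstrip("!").strip()
        if name in aliases:
            resolved.extend(neg + c for c in aliases[name])
        elif ALIAS_NAME.match(name) and name != "ALL":
            undefined.append(name)      # looks like an alias, but never defined
        else:
            resolved.append(neg + name)
    return resolved, undefined
```

On a real system, `visudo -c` checks the file's syntax and `sudo -l` shows the resolved list for the invoking user.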
