Doug Knight wrote:
Just now, I set something up very similar to this. I put:
User_Alias UNPRIV = dknight
Cmnd_Alias CIBADMIN = /usr/sbin/cibadmin
UNPRIV ALL=NOPASSWD: CIBADMIN
Then, I logged into the dknight account, and attempted the following:
sudo /usr/sbin/cibadmin -Q
Worked, returning the cibadmin.xml I expected (no password prompt or
disclaimer). Next, I re-enabled the crontab entry, executing a script
that invokes the same sudo command, and I get a crontab-triggered email
that says:
how does your crontab look like? what version of sudo do you use?
i just now added via visudo
Cmnd_Alias LA = /data/test.sh
raoul ALL=NOPASSWD: LA
created /data/test.sh. the contents is:
[EMAIL PROTECTED]:~$ cat /data/test.sh
#!/bin/bash
id >> /tmp/id
tested it:
[EMAIL PROTECTED]:~$ echo id > /tmp/id; sudo /data/test.sh; cat /tmp/id
id
uid=0(root) gid=0(root) groups=0(root),50(staff)
added a cronjob as user raoul:
[EMAIL PROTECTED]:~$ crontab -l
# m h dom mon dow command
*/1 * * * * sudo /data/test.sh
updated /tmp/id (as user raoul)
[EMAIL PROTECTED]:~$ tail /tmp/id
uid=1234(raoul) gid=100(users) groups=100(users),109(dev)
uid=0(root) gid=0(root) groups=0(root),50(staff)
the file permissions are (as expected):
[EMAIL PROTECTED]:~$ ls -al /tmp/id
-rw-r--r-- 1 raoul users 244 2007-09-17 19:39 /tmp/id
sudo version is (from debian etch)
[EMAIL PROTECTED]:~$ sudo -V
Sudo version 1.6.8p12
hopefully this will help you to achieve your goal!
cheers,
raoul bhatia
--
____________________________________________________________________
DI (FH) Raoul Bhatia M.Sc. email. [EMAIL PROTECTED]
Technischer Leiter
IPAX - Aloy Bhatia Hava OEG web. http://www.ipax.at
Barawitzkagasse 10/2/2/11 email. [EMAIL PROTECTED]
1190 Wien tel. +43 1 3670030
FN 277995t HG Wien fax. +43 1 3670030 15
____________________________________________________________________
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
