Re: [Freeipa-users] problem in sudo policy when target commands use local environment variables

2016-06-10 Thread Mitra Dehghan
Dear Paul,
Thanks for your suggestion. It worked.
By the way, using the -i option I had to change the sudocmd definition in the IPA
server to "/bin/bash -c /path/to/target_cmd"; after that the -i option
worked successfully.
Thanks a lot.
On Jun 6, 2016 8:33 PM, "Brennan, Paul J" wrote:

> Hi Mitra,
> I'm not sure if '-H' is the best option for this. If I'm reading the
> documentation correctly, it sounds like that option only sets the value of
> $HOME to ~*srvusr*. You may want to try:
>
> $ sudo -u *srvusr* -i */path/to/target_cmd*
>
> That should run the command using a login shell for
> *srvusr*, instantiating that user's variables.
>
> Good luck,
> Paul Brennan
>
> (Apologies if this ends up in the wrong thread or something, I just signed
> up to this list.)
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>

Re: [Freeipa-users] problem in sudo policy when target commands use local environment variables

2016-06-06 Thread Brennan, Paul J
Hi Mitra,
   I'm not sure if '-H' is the best option for this. If I'm reading the 
documentation correctly, it sounds like that option only sets the value of 
$HOME to ~srvusr. You may want to try:

$ sudo -u srvusr -i /path/to/target_cmd

That should run the command using a login shell for srvusr, instantiating that 
user's variables.

Good luck,
Paul Brennan

(Apologies if this ends up in the wrong thread or something, I just signed up 
to this list.)
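
A simulation of the difference discussed in this thread, added here as an example and not part of any poster's message. `env -i` stands in for sudo's environment reset, and `APP_ENV`, the temporary paths and the stand-in `target_cmd` script are constructed for the demonstration.

```shell
#!/bin/sh
# Simulation only: no sudo, FreeIPA or real srvusr account is needed.
# All names, paths and values below are constructed for this example.

demo_dir=$(mktemp -d)
srv_home="$demo_dir/home/srvusr"      # stand-in for ~srvusr
target_cmd="$demo_dir/target_cmd"     # stand-in for /path/to/target_cmd
mkdir -p "$srv_home"

# srvusr's profile defines the variable the command depends on.
cat > "$srv_home/.profile" <<'EOF'
export APP_ENV=/opt/app/conf
EOF

# target_cmd refuses to run without that variable, like the error in the thread.
cat > "$target_cmd" <<'EOF'
if [ -z "$APP_ENV" ]; then
    echo "Check environment error! environment not defined or NULL"
    exit 1
fi
echo "running with APP_ENV=$APP_ENV"
EOF

# Like `sudo -H -u srvusr cmd`: HOME points at srvusr's home, but nothing
# reads the profile, so APP_ENV never reaches the command's environment.
run_home_only() {
    env -i PATH="$PATH" HOME="$srv_home" sh "$target_cmd"
}

# Like `sudo -u srvusr -i cmd`: a shell starts first, reads the profile
# (as a login shell does on startup), then runs the command.
run_login_style() {
    env -i PATH="$PATH" HOME="$srv_home" \
        sh -c '. "$HOME/.profile"; exec sh "$1"' sh "$target_cmd"
}

run_home_only   || echo "home-only run failed with status $?"
run_login_style || echo "login-style run failed with status $?"
```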

[Freeipa-users] problem in sudo policy when target commands use local environment variables

2016-06-06 Thread Mitra Dehghan
Hello,
I have a problem using sudo policy in FreeIPA when target commands use
environment variables defined on a specific local user's profile.

Here is the problem:

1- There is a client machine with a local user called *srvusr*. This user has
permission to run *target_cmd*.

2- *target_cmd* is dependent on environment variables defined in *srvusr*'s
profile. Even before joining FreeIPA, users had to use the "su *srvusr*"
command to get permission for executing the *target_cmd*.

3- I defined a sudo policy for *target_cmd* to be executed with external
user permissions (*srvusr*).

4- When I run sudo -l on the client machine, it says the IPA user has permission to
run *target_cmd* with *srvusr* privileges.

5- The command I run with my IPA user is:
$ sudo -H -u *srvusr* */path/to/target_cmd* *target_cmd_argument*
*or*
$ sudo -H -u *srvusr* */path/to/target_cmd*

I used -H to inherit the target user's environment variables.

The command fails to run and the error is:

 "Check environment error! environment not defined or NULL"

I would be glad if someone could help me find a solution for that!

Thanks for your advice in advance.
-- 
m-dehghan