----- Original Message -----
> From: "William Muriithi" <[email protected]>
> To: [email protected]
> Sent: Sunday, February 9, 2014 10:13:50 PM
> Subject: [Freeipa-users] sudo 'run as' question
>
> Afternoon,
>
> I have an application that uses the account image as service account. I can
> su to the account 'image' and start or stop it fine. No root privilege
> needed. So I am not trying to set it up so that other developers can be
> able to restart it through sudo and that's when I realized I am missing
> something about sudo.
>
> The problem is under "run as" usage. When I look at man page, it implies that
> "run as" account doesn't need to be root. Quoting the man page.
>
> Begin quote:
> sudo allows a permitted user to execute a command as the superuser or
> another user, as specified by the security policy.
> End quote:
>
> On FreeIPA, I have a sudo rule called developers with necessary hostgroups
> and usergroups. At the bottom is a section titled "AS WHOM" and that's
> where I am having a problem. If I use root under RunAs Users section, it
> works. If I substitute root with account image, I get the following error.
>
> [william@dev18-yyz-int ~]$ sudo service imageserver stop
> [sudo] password for william:
> Sorry, user william is not allowed to execute '/sbin/service imageserver
> stop' as root on dev18-yyz-int.jamar.loc.

You need to specify the user, because the default for sudo is root.

    sudo -u image <command>

Although, this won't work - your init script is using runuser, which an unprivileged user can't use.

HTH.

Stephen
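
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not sudo's or FreeIPA's code: a simplified model of the "run as" check, showing why a rule whose RunAs list holds only `image` rejects a plain `sudo` call (target defaults to root) and accepts `sudo -u image`. The `SudoRule` class, the `check` function and the rule contents are assumptions constructed for illustration.

```python
# Added illustration: a simplified model of sudo's "run as" check.
# Not sudo's or FreeIPA's code; rule contents below are constructed.
from dataclasses import dataclass, field

DEFAULT_RUNAS = "root"  # target user sudo assumes when -u is not given


@dataclass
class SudoRule:
    users: set      # accounts allowed to invoke sudo under this rule
    hosts: set      # hosts the rule applies to
    commands: set   # permitted command paths
    runas_users: set = field(default_factory=set)  # the "AS WHOM" list

    def effective_runas(self):
        # An empty RunAs list falls back to the default target, root.
        return self.runas_users or {DEFAULT_RUNAS}


def check(rule, user, host, argv, runas=None):
    """Model `sudo [-u runas] argv...`; return (allowed, message)."""
    target = runas or DEFAULT_RUNAS      # no -u means "as root"
    cmdline = " ".join(argv)
    ok = (user in rule.users and host in rule.hosts
          and argv[0] in rule.commands
          and target in rule.effective_runas())
    if ok:
        return True, f"{cmdline} runs as {target}"
    return False, (f"Sorry, user {user} is not allowed to execute "
                   f"'{cmdline}' as {target} on {host}.")


# Constructed stand-in for the "developers" rule with RunAs user "image".
HOST = "dev18-yyz-int.jamar.loc"
ARGV = ["/sbin/service", "imageserver", "stop"]
RULE = SudoRule(users={"william"}, hosts={HOST},
                commands={"/sbin/service"}, runas_users={"image"})

if __name__ == "__main__":
    print(check(RULE, "william", HOST, ARGV))                 # sudo ...
    print(check(RULE, "william", HOST, ARGV, runas="image"))  # sudo -u image ...
```

Passing the policy check only decides which account the command starts under; as the reply notes, an init script that calls runuser still fails when it is started as an unprivileged user.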
