[Linux-HA] enabling another account to use cibadmin -Q
Doug Knight
dknight at wsi.com
Mon Sep 17 11:23:27 MDT 2007
Just now, I set something up very similar to this. I put:
User_Alias UNPRIV = dknight
Cmnd_Alias CIBADMIN = /usr/sbin/cibadmin
UNPRIV ALL=NOPASSWD: CIBADMIN
Then, I logged into the dknight account, and attempted the following:
sudo /usr/sbin/cibadmin -Q
Worked, returning the cibadmin.xml I expected (no password prompt or
disclaimer). Next, I re-enabled the crontab entry, executing a script
that invokes the same sudo command, and I get a crontab-triggered email
that says:
sudo: sorry, you must have a tty to run sudo
I am running Red Hat EL5, if that makes any difference. I'm not real
familiar with sudo. I'll also attempt the previous suggestion made by
Serge and see if that works.
Doug
On Mon, 2007-09-17 at 18:40 +0200, Raoul Bhatia [IPAX] wrote:
> Doug Knight wrote:
> > Since the scripts are automated (i.e. running without a tty), I cannot
> > use the /etc/sudoers file (which I have working as a command line execution).
>
> may i correct you on that.
>
> you can write something like:
>
> > # User alias specification
> > User_Alias UNPRIV = raoul
> >
> > # Cmnd alias specification
> > Cmnd_Alias NAGIOS = /etc/init.d/nagios
> >
> > # User privilege specification
> > UNPRIV ALL=NOPASSWD: NAGIOS
>
> and after the first initial acknowledge to the sudo disclaimer you are
> set to invoke sudo without tty, via crontab, etc.
>
> cheers,
> raoul bhatia
More information about the Linux-HA
mailing list