SUDO question - how to run command / script without password
in [Solaris]
|
From: underh20 on 21 Jan 2010 15:42 Hello all, Our server is running Solaris 10. I need to start up and shut down Websphere using the script (see end) via "wasadm" user / "wasgroup" group without prompting for password. I have the following entries in the sudoers file. Unfortunately, it's been giving me compilation errors. Any idea how I can fix this and make the script using sudo without asking for password ? Thanks for your kind assistance, Bill ===================================================== /etc/sudoers ===================================================== # Host alias specification # Host_Alias WS=atlantis,172.56.247.222 # # User alias specification # User_Alias WEBUSER=ws1boy # # Cmnd alias specification # Cmnd_Alias SU_WAS= /bin/su - wasadm Cmnd_Alias WASSTARTSTOP=/usr/local/bin/WASstartstop.sh ## ## #### User privilege specification ## ## root ALL=(ALL) ALL wasadm WS=ALL ws1boy ALL=SU_WAS %wasgroup ALL=SU_WAS # Websphere users wasadm ALL= NOPASSWORD: WASSTARTSTOP %wasgroup ALL= NOPASSWORD: WASSTARTSTOP ======================================================== <Script> WASstartstop.sh *** run by "wasadm / wasgroup" ======================================================== !/bin/ksh # #stop IHS DEV /usr/local/bin/sudo /WAS_01/IBM/IHS/DEV/bin/apachectl stop #stop IHS QA /usr/local/bin/sudo /WAS_01/IBM/IHS/QA/bin/apachectl stop #stop IHS PREP /usr/local/bin/sudo /WAS_01/IBM/IHS/PREP/bin/apachectl stop
From: Cydrome Leader on 21 Jan 2010 17:51 In comp.unix.solaris underh20 <underh20.scubadiving(a)gmail.com> wrote: > Hello all, > > Our server is running Solaris 10. > > I need to start up and shut down Websphere using the script (see end) > via "wasadm" user / "wasgroup" group without prompting for password. > > I have the following entries in the sudoers file. Unfortunately, it's > been giving > me compilation errors. Any idea how I can fix this and make the > script using sudo > without asking for password ? > > Thanks for your kind assistance, Bill > > > ===================================================== > /etc/sudoers > ===================================================== > > # Host alias specification > # > Host_Alias WS=atlantis,172.56.247.222 > > > # > # User alias specification > # > User_Alias WEBUSER=ws1boy > > > # > # Cmnd alias specification > # > Cmnd_Alias SU_WAS= /bin/su - wasadm > Cmnd_Alias WASSTARTSTOP=/usr/local/bin/WASstartstop.sh > > > ## > ## > #### User privilege specification > ## > ## > root ALL=(ALL) ALL > > wasadm WS=ALL > ws1boy ALL=SU_WAS > %wasgroup ALL=SU_WAS I have no idea what the above 3 lines are for or are supposed to do. > # Websphere users > > wasadm ALL= NOPASSWORD: WASSTARTSTOP > > %wasgroup ALL= NOPASSWORD: WASSTARTSTOP you never specified what users these command can run as try this wasadm ALL= (root) NOPASSWORD: WASSTARTSTOP %wasgroup ALL= (root) NOPASSWORD: WASSTARTSTOP or whatever user these command need to execute as inside ()
From: nelson on 21 Jan 2010 20:45 you could also convert it to a role without a password but that would, of course, give full access to the wasdm user for people with the role. there might be a way to control that but it's beyond my simple tinkering with roles
From: underh20 on 22 Jan 2010 17:50 On Jan 21, 2:51 pm, Cydrome Leader <prese...(a)MUNGEpanix.com> wrote: > In comp.unix.solaris underh20 <underh20.scubadiv...(a)gmail.com> wrote: > > > > > > > Hello all, > > > Our server is running Solaris 10. > > > I need to start up and shut down Websphere using the script (see end) > > via "wasadm" user / "wasgroup" group without prompting for password. > > > I have the following entries in the sudoers file. Unfortunately, it's > > been giving > > me compilation errors. Any idea how I can fix this and make the > > script using sudo > > without asking for password ? > > > Thanks for your kind assistance, Bill > > > ===================================================== > > /etc/sudoers > > ===================================================== > > > # Host alias specification > > # > > Host_Alias WS=atlantis,172.56.247.222 > > > # > > # User alias specification > > # > > User_Alias WEBUSER=ws1boy > > > # > > # Cmnd alias specification > > # > > Cmnd_Alias SU_WAS= /bin/su - wasadm > > Cmnd_Alias WASSTARTSTOP=/usr/local/bin/WASstartstop.sh > > > ## > > ## > > #### User privilege specification > > ## > > ## > > root ALL=(ALL) ALL > > > wasadm WS=ALL > > ws1boy ALL=SU_WAS > > %wasgroup ALL=SU_WAS > > I have no idea what the above 3 lines are for or are supposed to do. > > > # Websphere users > > > wasadm ALL= NOPASSWORD: WASSTARTSTOP > > > %wasgroup ALL= NOPASSWORD: WASSTARTSTOP > > you never specified what users these command can run as > > try this > > wasadm ALL= (root) NOPASSWORD: WASSTARTSTOP > %wasgroup ALL= (root) NOPASSWORD: WASSTARTSTOP > > or whatever user these command need to execute as inside ()- Hide quoted text - > > - Show quoted text - FYI......Unfortunately, I am still getting syntax errors when trying to issue any "sudo" command after adding the (root) in the fields as suggested above. Any idea how I could resovle this problem. Thanks, Humphrey atlantis> >>> sudoers file: syntax error, line 104 <<< >>> sudoers file: syntax error, line 106 <<< sudo: parse error in /usr/sudoers near line 104
From: John D Groenveld on 22 Jan 2010 20:10 In article <c2a5c30f-00e3-460d-9d6c-abb00f0dea21(a)m26g2000yqb.googlegroups.com>, underh20 <underh20.scubadiving(a)gmail.com> wrote: >FYI......Unfortunately, I am still getting syntax errors when trying >to issue any "sudo" command after >adding the (root) in the fields as suggested above. Any idea how I >could resovle this problem. Comment lines with visudo until you identify the broken one. Then post the broken one so someone can help you debug it. John groenveld(a)acm.org
|
Pages: 1 Prev: Hardware or software problem? Next: T5xxx servers short "freeze" behaviour |