I'm confused in the configuration of sudoers for one group of users.
The users need to execute a app from a remote machine, in this local machine they want me to allow ssh for them using sudo
for eg. sudo -u admin ssh -X euadmin@<IP address of remote> <remote script which opens a gui>
It should work, so in the sudoers file I added this
Cmnd_Alias MGW_SSH = /usr/bin/ssh *-X euadmin@<IP address of remote> <remote script which opens a gui>*
The problem with this is that even though this group of users were able to execute the application to open the GUI, but this opens up a security hole where the users are able to ssh to any server using the admin role like sudo -u admin master
would work perfectly and the user is able to log into other servers without password I don't want this to happen.
Is there a way I can restrict these users only to run ssh for a specific server? I did search a bit but couldn't find a proper solution, so thought of contacting the expert.
regards,
Anand.K