Run sudo to another user

I have two users on my AIX system: appadmin (application admin) and appuser (application user).
The application admin user has special permission to run everything for this application.

I have one script called /usr/app.sh.
Only appadmin has permission to run this script.
Using sudo, I want to let appuser run this script.

As root, I have configured the system as follows:

visudo
%appuser ALL=( appadmin) /usr/app.sh

As per the above configuration, appuser should have permission to run sudo and should be able to execute that script.
When appuser logs in to the system and types sudo -l:

User appuser may run the following commands on this host:
(appuser) /usr/app.sh

Everything is OK until now, but when he tries to execute that command with sudo he gets the below:

$ sudo /usr/app.sh
Sorry, user appuser is not allowed to execute '/usr/app.sh' as root on Appserver.

Why is it saying "as root"? I configured sudo to run that script as appadmin, and why is he not allowed to execute that script?

Please advise on this.

From the sudoers FAQ at FAQ and Troubleshooting Tips

I have configured the below in /etc/sudoers:

Defaults always_set_home, runas_default=appadmin to sudoers
%appuser ALL=(appadmin) ALL

but it is still not working!

Unless you want to post the entire sudoers file, I'm not sure I can help you much more. Can you check to see if there are additional lines that feature the appadmin user or the groups to which it belongs further on in the sudoers file? Sometimes these can overwrite rather than add to the privileges.

Look above: I configured the sudoers file so that the script is executed by appuser as appadmin,

but it is still trying to execute it as root and it says not allowed!

The sudo configuration is not for root!

Is the default root, and if yes, how can I change it to be allowed for appadmin?

This is exactly what ross.mather is trying to tell you: it might well be that other parts of the /etc/sudoers file are contradicting the part you have posted. So please post a C-O-M-P-L-E-T-E /etc/sudoers file (btw.: wrapping code-tags around it would be a nice touch) and not just the part you think is interesting.

I suppose you have double-checked the file modes for "/usr/app.sh" to make sure appadmin has indeed execution rights, haven't you?

bakunin

The mode of /usr/app.sh is 777 and when I did the below sudo configuration to be executable by root

visudo
%appuser ALL=( root) /usr/app.sh

sudo -l

User appuser may run the following commands on this host:
(root) /usr/app.sh

sudo /usr/app.sh
executing for the application ..
application started ..

it works and it is executed by root, but with appadmin it gives me the message mentioned above!

No sudo expert here, but I do use it, and I was thinking that the % sign in front of a value was to allow everyone in that group to execute the command. You said you have two different users, not two different groups. Maybe it works the same for users as well, so I may be off base here, and if so I apologize for muddying up the water even worse.

I would expect to see something like

User_Alias APPUSER=appuser
Cmnd_Alias APP = /usr/app.sh
APPUSER ALL= PASSWD: APP

I am no expert, but try this

$ sudo su - appusr /bin/app.sh

What is the exact output of sudo -l for the user in question?

And what happens if you run:

sudo -u appadmin /usr/app.sh

With the original config of sudo that you had.
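Why the original rule rejects a plain `sudo /usr/app.sh` but accepts `sudo -u appadmin /usr/app.sh`, as an added example that is not part of the thread and not sudo's own code: a simplified model of how one sudoers line is matched against a request. The function name `sudo_decision`, its arguments and appuser's membership in a group named `appuser` are assumptions made for the illustration.

```shell
#!/bin/sh
# Simplified model of one sudoers line of the form:  WHO HOST=(RUNAS) COMMAND
# Covers only what this thread needs: one Runas user, one command (or ALL),
# no aliases, tags or Defaults lines. The host field is ignored.

# sudo_decision RULE USER GROUPS TARGET COMMAND   (hypothetical helper)
#   GROUPS  space-separated groups of USER
#   TARGET  argument of "sudo -u"; empty string means -u was not given
# Prints "allowed as X" (status 0) or "denied as X" (status 1).
sudo_decision() {
    rule=$1 user=$2 grps=$3 target=$4 cmd=$5

    # Pull the three fields out of the rule; spaces inside "( appadmin)" are tolerated.
    who=$(printf '%s\n' "$rule" | sed -n 's/^[[:space:]]*\([^[:space:]]*\)[[:space:]].*/\1/p')
    runas=$(printf '%s\n' "$rule" | sed -n 's/^[^(]*([[:space:]]*\([^)[:space:]]*\)[[:space:]]*).*/\1/p')
    allowed=$(printf '%s\n' "$rule" | sed -n 's/^[^)]*)[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p')
    if [ -z "$who" ] || [ -z "$runas" ] || [ -z "$allowed" ]; then
        echo "unparsable rule"; return 2
    fi

    # When -u is omitted, sudo runs the command as root.
    [ -n "$target" ] || target=root

    # A leading % makes WHO a group name; otherwise it is a user name.
    verdict=allowed
    case $who in
        %*) case " $grps " in *" ${who#%} "*) ;; *) verdict=denied ;; esac ;;
        *)  [ "$who" = "$user" ] || verdict=denied ;;
    esac
    # The requested target must be the Runas user the rule names (or ALL).
    [ "$runas" = ALL ] || [ "$runas" = "$target" ] || verdict=denied
    # The command must match the rule's path exactly, unless the rule says ALL.
    [ "$allowed" = ALL ] || [ "$allowed" = "$cmd" ] || verdict=denied

    echo "$verdict as $target"
    [ "$verdict" = allowed ]
}

# Constructed sample: the rule from the thread, assuming appuser is in group "appuser".
RULE='%appuser ALL=( appadmin) /usr/app.sh'
sudo_decision "$RULE" appuser "appuser staff" ""       /usr/app.sh || :   # denied as root
sudo_decision "$RULE" appuser "appuser staff" appadmin /usr/app.sh || :   # allowed as appadmin
```

The thread reports /usr/app.sh as mode 777; a script reachable through a sudoers rule should be writable only by its owner, since sudo runs whatever the file contains at the moment it is invoked.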

Many thanks, it's working.

As system admin I decided not to give shell access to users and even application admins on production systems.
I give them access via a simple webpage and the menus are suid capable.
So, even root commands can be granted to someones menu.
I like the fact that no commandline trying or messups are possible.

Fjd.