Hi, I was wondering if someone can give me some pointers about configuring SUDO. I am trying to configure SUDO to have about 30 users run about 200 scripts as a different user. I understand that I can create a User_Alias but how do I give that User_Alias rights to run all the scripts in a certain directory? We add scripts to that directory every week and don't want to keep a static Cmnd_Alias. Does that make sense? Your help is appreciated very much.
Why not make a group, [scripts], and add those users who are permitted to run these scripts to this group? Then they can just su to that group to run those scripts.
Every time you create a new script, just change the owner to that group.
Create a wrapper script which will change to the directory where your scripts reside and run the specified script (input parameter) from the current directory (so that the wrapper limits running scripts from a specific directory). The wrapper owner must be root and permissions must be set to 700.
In the sudo configuration you will need to define permissions only for the wrapper script.
Your users will run scripts in the following manner:
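
A sketch of the wrapper described in the reply above, added here as an example and not the poster's own script. The directory /usr/global/bin is borrowed from the sample path quoted elsewhere in this thread, the function names are hypothetical, and the checks go slightly beyond the reply by rejecting path separators, symlinks and option-like names so the argument cannot escape the scripts directory.

```shell
#!/bin/sh
# Added example: sudo wrapper that only runs scripts from one directory.
# SCRIPT_DIR is an assumed location; hard-coded so the caller's
# environment cannot redirect the wrapper to another directory.
SCRIPT_DIR=/usr/global/bin

# Print the full path of an allowed script, or return 1.
# The name must be a bare file name: no '/', no leading '.' or '-',
# so "../x", "/bin/sh" and option-like names are rejected.
resolve_script() {
    name=$1
    case $name in
        '' | */* | .* | -*) return 1 ;;
    esac
    path=$SCRIPT_DIR/$name
    # Refuse symlinks (they could point outside the directory),
    # non-regular files and files without the execute bit.
    [ ! -L "$path" ] && [ -f "$path" ] && [ -x "$path" ] || return 1
    printf '%s\n' "$path"
}

# Validate the first argument, then run it from SCRIPT_DIR with the
# remaining arguments passed through unchanged.
run_script() {
    if [ "$#" -lt 1 ]; then
        echo "usage: $0 script-name [args...]" >&2
        return 2
    fi
    name=$1
    shift
    if ! resolve_script "$name" >/dev/null; then
        echo "refused: '$name' is not a script in $SCRIPT_DIR" >&2
        return 1
    fi
    # Run from the scripts directory, as the reply describes.
    cd "$SCRIPT_DIR" || return 1
    exec "./$name" "$@"
}

# Entry point; does nothing when the file is run without arguments.
[ "$#" -eq 0 ] || run_script "$@"
```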
Use this syntax to allow sudo access to an entire directory:
User_Alias Host_Alias = (ALL) directory/
where
User_Alias is your User_Alias, userid, group, netgroup, or ALL
Host_Alias is your Host_Alias, host, netgroup, or ALL
directory is the directory containing all your scripts
The key to this is to make sure to put the slash ( / ) on the end of your directory entry, as in "/usr/global/bin/"