I've been asked to provide access to my system for another group of individuals to perform WebSphere and Portal tasks (stop/start specifically). I run both as root (we can debate this one later) and so know I have to figure out a way for these individuals to start and stop WebSphere and Portal as themselves. If they type stopServer blah blah blah, I see error writing to the log files. I could just make the logs directory 777 and be done with it but I'm not sure what else will break along the way.
I added them to my sudoers file as such:
# Runas alias specification
Runas_Alias WAS = root
# Cmnd alias specification
Cmnd_Alias BIGCMDS = /usr/sbin/, /usr/local/sbin/, \
/usr/bin/sh, /etc/, \
Cmnd_Alias SECURITY = /usr/bin/passwd, /usr/bin/su, \
/usr/sbin/vipw
Cmnd_Alias WPS = /usr/local/WASscripts/*
# User privilege specification
root ALL = (ALL) ALL
%sysadms ALL = (ALL) ALL
%opsids ALL = (ALL) ALL
%devids ALL = (ALL) ALL,!SECURITY
%waswps ALL = (WAS) WPS,!SECURITY
but when they try to run a script to stop and start WebSphere, they get
Sorry, user <x> is not allowed to execute './stopwas' as root on <server>.
My file permissions on the scripts are 755. What am I missing in my config file?
Thanks