I have two CentOS boxes, a dev and a qa, that need to have the same access for a group of users. Both boxes are on a NIS and both boxes have the same sudoers file to allow users to run sudosh as a different "application user". One box is working for one userid but the other box is not. They get this error:
>sudo -u didxml sudosh
[sudo] password for josha29:
Sorry, user josha29 is not allowed to execute '/usr/bin/sudosh' as didxml on devboxwps029.
Here is the sudoers file:
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
## This file must be edited with the 'visudo' command.
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
# User_Alias ROOT=tjy3f09,sundeep017,eital06, josha29
User_Alias DEV=xxx444,xxx412, feind77, wangxl07, tyle29, ijackAX,nancy003, edison407, josha29
Runas_Alias AP_ACCOUNTS=didvr, didxml, didtool, didbg
The other QA box has a sudoers file that looks the same except the application names have a q in front of them instead of a d: qidxml instead of didxml. On this box they have no problems running as qidxml.
Any ideas on what could be keeping this person from executing as didxml?