Effin_Ell
asked on
Sudo user cannot run sudo commands
I am having an issue with sudo on RHEL.
I have a domain account that has been given sudo rights. However I cannot sudo commands (e.g. sudo netstat -ltnup | grep -E ':80') unless its a sudo su - command.
The resulting error is as follows:
Can anyone offer a solution please?
I have a domain account that has been given sudo rights. However I cannot sudo commands (e.g. sudo netstat -ltnup | grep -E ':80') unless its a sudo su - command.
The resulting error is as follows:
Sorry, user [abc] is not allowed to execute '/bin/netstat -ltnup as root on [hostname.domain] Can anyone offer a solution please?
appearantly the su - command is allowed to be executed by sudo.
This needs to be (re)configured in the /etc/sudoers file (or some file in /etc/sudoers.d)
Did you try:?
(where the netstat command will be executed by su..
This needs to be (re)configured in the /etc/sudoers file (or some file in /etc/sudoers.d)
Did you try:?
sudo su - -c "netstat -ltnup" | grep -E :80(where the netstat command will be executed by su..
If you can sudo su while other commands are blocked, then whoever set that up for you doesn't understand what sudo is for. I doubt that's that case and suspect that sudo su would be blocked if sudo netstat is blocked.
Why do you need to run it as root? Was the execute bit turned off for regular users?
Why do you need to run it as root? Was the execute bit turned off for regular users?
sudo su and sudo su - have been replaced by sudo -i and sudo -s
In short, understanding which command you are authorizing abc user to run.
Potentially the concise link provided earlier shoukd point you in the right direction.
Sudoers file (/etc/sudoers) efi table by use of visudo
Upon rights elevation sudo -I sudo -s, if you get a denial, run what you seem to have been authorized sudo su - and look at sudoers settings.
Seems rather strange config that a user is limited on which commands they can run under sudo while being permitted to run su - under the sudo command.
In short, understanding which command you are authorizing abc user to run.
Potentially the concise link provided earlier shoukd point you in the right direction.
Sudoers file (/etc/sudoers) efi table by use of visudo
Upon rights elevation sudo -I sudo -s, if you get a denial, run what you seem to have been authorized sudo su - and look at sudoers settings.
Seems rather strange config that a user is limited on which commands they can run under sudo while being permitted to run su - under the sudo command.
/etc/sudoers controls sudo -i or -s differently from sudo su. Someone that doesn't know how that works might disallow one, but still accidentally allow the other.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
https://unix.stackexchange.com/questions/139955/problem-executing-command-as-a-different-user-with-sudo-u
"This is because sudo is different from su. When you su abc, you become the user abc as far as the system is concerned. You can then do anything that abc can do.
On the other hand, sudo is used to allow other users to execute some commands by proxy. In other words, your sudo configuration allows you to do some commands on behalf of abc. If the command you're trying to execute is not one of them, you get the error you reported."
Have the sysadmin edit /etc/sudoers so that the affected user has the desired command added to his sudo "profile".
See the description of /etc/sudoers at the link below:
https://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html