SUMMARY : Sudoers error(not allowd to execute the command)

From: vijay <>
Date: Wed May 29 2002 - 09:11:26 EDT
Hi All, 

Thanks to veryone who replied. 

I have two scenario : 

1) Two uers x and z. give the su permission to x for z user only. So that x can su only to z. 

Add the following line in sudoers 

X ALL = (root) /usr/bin/su  z 


Host_Alias MYSVR = myserver 
Cmnd_Alias SU = /usr/bin/su - z 
X MYSVR = (root) SU 

x must use - with the command su. see the few lines of a mail which I received from Pierre 

>su without - is useless in your case. 
>It would be the same as: sudo -s z 
>(which starts a shell with z1 ownership) su - z starts a shell and executes all the profiles (setting >the environment vars) of z but if you really want to have su without - , then you have to define it in sudoers: 

> X ALL = (root) /bin/su - z, /bin/su z

> (root) is valid for both commands. Note that sudo >will only grant permissions for commands, which are  >exactly match the definition in your sudoers file. 

Now If you want user x should execute any the command as z then add following line 

Defaults:x set_home,runas_default=z 
x ALL = (z) ALL 

x should then call: sudo or sudo s 
x can run ALL progs as z on ALL systems. (ie: sudo u z /bin/ls ) 
This has the advantage of logging all actions. 
Substituting the '-s' option give a shell as that user. (ie: sudo -u z -s ) 
Adding the '-H' option also sets HOME to z's home directory. (ie: sudo -u z -s -H) 

2) If there are a two groups x and y. In x group i have three users u1, u2, u3 In y group i have five users z1, z2, z3, z4, z5. Now in this case any user of x gruoup shoud be able su any member of group y. 

Add following lines in sudoers file. 

# User aliases 
User_Alias X = u1,u2,u3 

# Runas alias specification 
User_Alias y = z1, z2, z3, z4, z5 

# Host aliases 
Host_Alias MYSVR = myserver 

# Command aliases 
Cmnd_Alias SU=/usr/bin/su - z1, /usr/bin/su - z2, /usr/bin/su - z3,.... 
Cmnd_Alias SU=/usr/bin/su  z* 

# Override builtin defaults 
Defaults:X set_home,runas_default=y
Defaults:X !aunthenticate 

# User specifications 
X MYSVR=(root) SU 

Once again Thanks for giving your time. 

Original Post: 

I am using Solaris 2.6. Installed Sudoers version 1.6.3p7. I have two users x and y. Now I want to give su permission to x user for only y user. So x should su only to y. 

So I added following line in suoders 

x ALL = /usr/bin/su y 

But that didn't worked. Still it gives me following error 
Sorry x is not allowed to execute "/usr/bin/su y " as root on Server. 
Yahoo! - Official partner of 2002 FIFA World Cup
sunmanagers mailing list
Received on Wed May 29 09:18:44 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:44 EST