[Linux-HA] enabling another account to use cibadmin -Q

Raoul Bhatia [IPAX] r.bhatia at ipax.at
Mon Sep 17 11:40:45 MDT 2007

Doug Knight wrote:
> Just now, I set something up very similar to this. I put:
> User_Alias UNPRIV = dknight
> Cmnd_Alias CIBADMIN = /usr/sbin/cibadmin
> Then, I logged into the dknight account, and attempted the following:
> sudo /usr/sbin/cibadmin -Q
> Worked, returning the cibadmin.xml I expected (no password prompt or
> disclaimer). Next, I re-enabled the crontab entry, executing a script
> that invokes the same sudo command, and I get a crontab-triggered email
> that says:

how does your crontab look like? what version of sudo do you use?

i just now added via visudo
> Cmnd_Alias  LA = /data/test.sh
> raoul   ALL=NOPASSWD: LA

created /data/test.sh. the contents is:
> raoul at dev:~$ cat /data/test.sh
> #!/bin/bash
> id >> /tmp/id

tested it:
> raoul at dev:~$ echo id > /tmp/id; sudo /data/test.sh; cat /tmp/id
> id
> uid=0(root) gid=0(root) groups=0(root),50(staff)

added a cronjob as user raoul:
> raoul at dev:~$ crontab -l
> # m h  dom mon dow   command
> */1 * * * * sudo /data/test.sh

updated /tmp/id (as user raoul)
> raoul at dev:~$ tail /tmp/id
> uid=1234(raoul) gid=100(users) groups=100(users),109(dev)
> uid=0(root) gid=0(root) groups=0(root),50(staff)

the file permissions are (as expected):
> raoul at dev:~$ ls -al /tmp/id
> -rw-r--r-- 1 raoul users 244 2007-09-17 19:39 /tmp/id

sudo version is (from debian etch)
> raoul at dev:~$ sudo -V
> Sudo version 1.6.8p12

hopefully this will help you to achieve your goal!

raoul bhatia
DI (FH) Raoul Bhatia M.Sc.          email.          r.bhatia at ipax.at
Technischer Leiter

IPAX - Aloy Bhatia Hava OEG         web.          http://www.ipax.at
Barawitzkagasse 10/2/2/11           email.            office at ipax.at
1190 Wien                           tel.               +43 1 3670030
FN 277995t HG Wien                  fax.            +43 1 3670030 15

More information about the Linux-HA mailing list