[clue] impersonation

[Mark G. Harvey]

David, 

I don't think you need both sudo & su ... they are different commands

I've used the below statements to create a vfabric tomcat instance using the tcserver account.  I took these statements from an installation script I ran as root.  Did this on CentOS 6.3

create the tcserver account

# useradd -m -d /home/tcserver -s /bin/bash -c "vfabric tc server admin account" tcserver

create vfabric tc server instance

# sudo -i -u tcserver /opt/vmware/vfabric-tc-server-standard-2.9.1.RELEASE/tcruntime-instance.sh create --template bio --template bio-ssl --instance-directory /srv/vfabric-tc-server <instance name>

start the instance

# sudo -i -u tcserver /opt/vmware/vfabric-tc-server-standard-2.9.1.RELEASE/tcruntime-ctl.sh -n /srv/vfabric-tc-server ubidsynch-dev start


If you don't want to run the commands as root, but instead use an account called "boxadmin", I think "boxadmin" would need to be put in sudoers with the permissions to run commands as the "tcserver" account, plus you might want to limit the commands to the vfabric-tc-server install directory for example.  

HTH






On Monday, April 21, 2014 1:57 PM, David L. Willson <DLWillson at TheGeek.NU> wrote:
 
How do you let one non-privileged user impersonate (become) another non-privileged user?

When *I* need to impersonate a user, I run: sudo su - some_user, but I don't want the regular users doing that. Or, do I?

--
David L. Willson
Teacher, Engineer, Evangelist
RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA
Mobile 720-333-LANS(5267)
http://sofree.us

This is a good time for a r3VOLution.


_______________________________________________
clue mailing list: clue at cluedenver.org
For information, account preferences, or to unsubscribe see:
http://cluedenver.org/mailman/listinfo/clue
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20140421/8b2b2462/attachment-0001.html