[clue] impersonation

Chris Fedde chris at fedde.us
Mon Apr 21 15:58:49 MDT 2014


In addition to managing the contents of the sudoers file to try and
minimize granted power, I sometimes write scripts that have the sudo in them.

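#!/bin/bash

u=apache
# Look up the target UID first; stop if the account does not exist.
uid=$(id -u "$u") || exit 1
if [ "$EUID" -ne "$uid" ]
then
    # Re-run this script as $u, passing every argument through unchanged.
    exec sudo -u "$u" "$0" "$@"
fi

echo "$0 as $USER with $*"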



On Mon, Apr 21, 2014 at 2:37 PM, Jon Ernster <jon.ernster at gmail.com> wrote:

> Normally I just create a shell script with su - <user> in it, then grant
> sudo access for a user to that specific script, so they'd run sudo
> /usr/local/bin/login.sh and it'll sudo them to the user.
>
> Jon
>
>
>
> On Mon, Apr 21, 2014 at 2:33 PM, Quentin Hartman <qhartman at gmail.com> wrote:
>
>> Use controls in the sudoers file to limit the commands the users can run.
>>
>>
>> On Mon, Apr 21, 2014 at 2:20 PM, David L. Willson <DLWillson at thegeek.nu> wrote:
>>
>>> That'll probably be the way I end up doing it, but what if I wanted to
>>> give my user the ability to get a full, interactive login shell with the
>>> profile and rc's of the user they impersonate?
>>>
>>>
>>> -------- Original message --------
>>> From: Jim Ockers
>>> Date:04/21/2014 1:59 PM (GMT-07:00)
>>> To: CLUE's mailing list
>>> Subject: Re: [clue] impersonation
>>>
>>> Hi David,
>>>
>>> Try: sudo -u otheruser command
>>>
>>>
>>> Jim
>>>
>>> --
>>> Jim Ockers, P.E., P.Eng. (ockers at ockers.net)
>>> Contact info: http://www.ockers.net/
>>>
>>> -----Original message-----
>>> *From:* David L. Willson <DLWillson at TheGeek.NU>
>>> *Sent:* Monday 21st April 2014 12:58
>>> *To:* CLUE's mailing list <clue at cluedenver.org>
>>> *Subject:* [clue] impersonation
>>>
>>> How do you let one non-privileged user impersonate (become) another
>>> non-privileged user?
>>>
>>> When *I* need to impersonate a user, I run: sudo su - some_user, but I
>>> don't want the regular users doing that. Or, do I?
>>>
>>> --
>>> David L. Willson
>>> Teacher, Engineer, Evangelist
>>> RHCE+Satellite CCAH Network+ A+ Linux+ LPIC-1 UbuntuCP NovellCLA
>>> Mobile 720-333-LANS(5267)
>>> http://sofree.us
>>>
>>> This is a good time for a r3VOLution.
>>>
>>> _______________________________________________
>>>
>>> clue mailing list: clue at cluedenver.org
>>>
>>> For information, account preferences, or to unsubscribe see:
>>> http://cluedenver.org/mailman/listinfo/clue
>>>
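Two properties of the re-exec wrapper at the top of this message, shown as an added example that is not code from the thread: how unquoted `$@` changes the argument list on the way through, and what the `id -u` guard does when the target account does not exist. The function names and the account name `clue_example_nouser` are constructed for illustration, and no `sudo` call is made.

```bash
#!/bin/bash
# Added example. No sudo is invoked: count_args stands in for the re-executed
# script, and "clue_example_nouser" is a constructed, nonexistent account name.
# `id -u` (effective UID) is used in place of $EUID so this also runs under sh.

# Stand-in for the re-executed script: reports how many arguments arrived.
count_args() { echo "$#"; }

# Forwarding as in the posted wrapper: unquoted $@ is word-split and globbed,
# so "my file.txt" becomes two arguments and an empty argument disappears.
forward_unquoted() { count_args $@; }

# Quoted forwarding hands each argument over exactly as the caller gave it.
forward_quoted() { count_args "$@"; }

# Guard as posted: if the id lookup fails, the test itself errors, the "if"
# takes the false branch, and the script body runs as the invoking user.
decide_original() {
    if [ "$(id -u)" -ne `id -u $1 2>/dev/null` ] 2>/dev/null
    then echo reexec
    else echo run-as-caller
    fi
}

# Fail-closed guard: a failed lookup stops the script instead.
decide_checked() {
    target_uid=$(id -u "$1" 2>/dev/null) || { echo abort; return 1; }
    if [ "$(id -u)" -ne "$target_uid" ]
    then echo reexec
    else echo run-as-target
    fi
}

echo "unquoted 'my file.txt': $(forward_unquoted 'my file.txt') args"
echo "quoted   'my file.txt': $(forward_quoted 'my file.txt') args"
echo "unknown user, posted guard:  $(decide_original clue_example_nouser)"
echo "unknown user, checked guard: $(decide_checked clue_example_nouser)"
```

The fall-through case matters most when the wrapper is started by a more privileged account than the intended target, because the body then runs with that account's rights.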