Limited sudo previlage

satheeshkumar · #1 7th September 2011, 07:33 PM

I installed tomcat server in RHEL and the ownership of that is tomcat user. For a user name as guest i want to give limited access to control it.

I want to give limited sudo access. Means i want to give previlage to guest as "sudo to tomcat only and not sudo to root".

If i add the below line in /etc/sudousers file, guest is able to sudo as root.

guest ALL=/bin/su

can someone tell me how to do this.

bodhi.zazen · #2 7th September 2011, 09:52 PM

You do not need to run su as root.

Simply su tomcat , enter pw for tomcat.

Or if you configure sudo, configure it to allow the commands you need the tomcat user to run and not su.

satheeshkumar · #3 7th September 2011, 10:01 PM

i want to give tomcat access to guest, but not to share tomcat password. I think sudo only can do this. But if i add the line /bin/su in sudoers list, it is allowing sudo to root as well. Can you tell me how to customize only to sudo as tomcat only and not as other users

bodhi.zazen · #4 8th September 2011, 05:32 AM

What are you trying to do exactly ? What commands do you want the guest to run and / or what files do you want the guest user to be able to access ?

As I said, if it is a list of commands you would list those commands specifically in sudoers.

See : http://www.gratisoft.us/sudo/sudoers.man.html

You can specify many things, such as Runas_Spec and SELinux_Spec

satheeshkumar · #5 8th September 2011, 08:11 AM

I want to give all permissions to guest as tomcat users are having... using sudo access without sharing tomcat password, so that if any time i feel guest should not have it, i can revoke it..

bodhi.zazen · #6 8th September 2011, 04:02 PM

Sounds like you want the Runas_Spec so your guest can then

sudo -u tomcat foo