On Mar 2, 2011, at 9:54 AM, Matt Lawrence wrote:

> oracle is allowed to "sudo su - ggs" and should be able to run anything as
> any of the ggs users. However, "sudo su - ggs -c ls" to run a ls as ggs
> fails.

I may be missing something, but why does 'su' need to be part of this equation at all? "sudo -i -u ggs" solves the first case, and "sudo -u ggs ls" should solve the second (with the caveat about the environment that Ben already referenced). And by not delegating out to su, you also then have the option of more granular control over which binaries can be run by the user via sudo.
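
The two delegation styles discussed in this message, side by side as a sudoers fragment. This is an added example, not part of the original message or the poster's configuration: the thread does not show the real rules, so the rule shapes, the binary paths, the `ggs_test` account and the `/bin/bash` login shell are assumptions.

```sudoers
# Constructed sudoers fragment; every path and alias below is an assumption.

# --- su-based delegation (assumed shape of a rule behind "sudo su - ggs") ---
# sudo authorizes this one command line, run as root. su then performs the
# switch to ggs, so sudo has no control over what runs inside that shell.
# Because the entry lists arguments, the invocation must match them exactly:
# "su - ggs -c ls" is a different command line and is not covered by it.
oracle  ALL = (root) /bin/su - ggs

# --- direct delegation, as suggested in the reply ---
# The target accounts are named once. ggs_test is a hypothetical second
# account standing in for "any of the ggs users".
Runas_Alias GGS_USERS = ggs, ggs_test

# Granular form: "sudo -u ggs ls" is allowed, and so is anything else in
# this list, but nothing outside it.
Cmnd_Alias  GGS_CMDS  = /bin/ls, /usr/bin/id
oracle  ALL = (GGS_USERS) GGS_CMDS

# Interactive form: "sudo -i -u ggs" runs the target user's login shell, so
# that shell has to be permitted (assumed here to be /bin/bash). Permitting
# a shell is equivalent to permitting every command as that user, so keep
# this line only where a full login as ggs is actually required.
oracle  ALL = (GGS_USERS) /bin/bash
```

A fragment like this can be syntax-checked with `visudo -cf <file>` before it is installed.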