sudo -iu not working as expected

I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:


theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/script.sh

The user could run script.sh with sudo -u runasuser /usr/local/bin/script.sh and it worked as expected, but if they tried sudo -iu runasuser /usr/local/bin/script.sh they were prompted for a password because the command didn't match.

I found out that the -i option runs the command through their login shell with a -c option, which for this user is /bin/bash. So I just had to change the sudoers to this:


theiruser ALL=(runasuser) NOPASSWD:/bin/bash -c /usr/local/bin/script.sh

After that
sudo -iu runasuser /usr/local/bin/script.sh
works as expected.
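
A simplified model of the matching described above, as an added example that is not from the original post or from sudo's own code. It assumes sudoers compares the command path exactly and the argument string with shell-style matching; the function names are hypothetical. It also shows that replacing the original rule, rather than keeping both, stops the plain sudo -u form from matching.

```python
import fnmatch

def effective_command(argv, login_shell=None):
    """Return (path, args) the way the sudoers policy sees the request.

    login_shell=None models `sudo -u user cmd ...`.
    A login_shell value models `sudo -iu user cmd ...`, where the command
    is handed to the login shell with -c (/bin/bash on this page).
    """
    if login_shell is None:
        return argv[0], " ".join(argv[1:])
    return login_shell, "-c " + " ".join(argv)

def rule_allows(rule, path, args):
    """Check one sudoers command spec (path plus optional arguments)."""
    rule_path, _, rule_args = rule.partition(" ")
    if rule_path != path:
        return False              # different binary: no match at all
    if not rule_args:
        return True               # no arguments in the rule: any are accepted
    if rule_args == '""':
        return args == ""         # "" in sudoers means no arguments allowed
    return fnmatch.fnmatchcase(args, rule_args)

def allowed(rules, argv, login_shell=None):
    path, args = effective_command(argv, login_shell)
    return any(rule_allows(r, path, args) for r in rules)

# Command specs taken from the two sudoers lines on this page.
ORIGINAL = ["/usr/local/bin/script.sh"]
FIXED = ["/bin/bash -c /usr/local/bin/script.sh"]
BOTH = ORIGINAL + FIXED
CMD = ["/usr/local/bin/script.sh"]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED), ("both", BOTH)):
        print(f"{name:8} sudo -u: {allowed(rules, CMD)!s:5} "
              f"sudo -iu: {allowed(rules, CMD, '/bin/bash')}")
    # The -i rule is tied to one shell path and one exact command string.
    print("other shell:", allowed(FIXED, CMD, "/bin/sh"))
    print("extra arg:  ", allowed(FIXED, CMD + ["--extra"], "/bin/bash"))
```

To confirm what a real system will accept, sudo -l run as the calling user lists the command specs that apply to them.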
