bsd wrote:
> I have an sh script that is called by the "www" process which has a
> shell that defaults to /sbin/nologin
>
> I have configured the sudoers file with these settings:
>
> www ALL=(www) NOPASSWD: /usr/local/bin/postfixadmin-domain-
> postdeletion.sh
>
>
> And It does not seem to be able to execute?
>
>
> > Sorry, user www is not allowed to execute '/usr/local/bin/
> > postfixadmin-mailbox-postdeletion.sh y...@test.com test.com' as www on
> > newmail.rmm.fr
> > .
> >
>
>
> The file I am trying to delete is also owned by a non privileged
> user? ??
The user www is www, so you shouldn't need to sudo to run as that
account. Did you mean to setup the rule for the postfix user? Or a
postfix target account?
That said, I think what you typed should have worked. You shouldn't have
seen "www is not allowed to execute ... as www", because your sudoers
file says otherwise.
Assuming your account has full sudo, what do you see if you type:
$ sudo -u www sudo -l
Hopefully, because of the NOPASSWD in there, you won't have to produce
www's password.
Is your script (postfixadmin-domain-postdeletion.sh) readable and
executable by user www?
Do you have any trailing characters or something on the line with your
sudo rule which might make sudo think you've typed a literal command
with arguments instead of a command that can be run with arbitrary
arguments?
--
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
pgphSFQguJkgd.pgp
Description: PGP signature