I am trying to use the sudo command and sudoers file correctly so that I can run a command as another user.
I have my sudoers file set up as follows:
beans ALL = (root,apache) NOPASSWD: /opt/renovations/var/script-*.sh
root, apache, and beans are part of the group beans.
Also /opt has 755 permissions, while the /opt/renovations directory and its sub-directories are owned by the beans user and group.
The command I'm trying to run as beans is:
sudo -n -u apache -i /opt/renovations/var/script-test.sh
-n: is so that I'm not prompted for a password, as this will be run by a cron
-u: is so that I can impersonate the apache user
-i: is so that I simulate a login, and my .profile is loaded. I need this so that I can access the environment variables in .profile.
The problem is that when I run the sudo command, I get the following message:
sudo: sorry, a password is required to run sudo
I've tried running this both on AIX and Ubuntu, but the problem is on both systems. This works if I run:
sudo -n -u apache /opt/renovations/var/script-test.sh
But without the -i, my environment does not contain all of the environment variables that I need to be there.
Is there something I need to update in my sudoers file so that this is possible?
Best Answer
So as you said yourself @krzysto, the solution is to add the following to the sudoers file
The next piece that is missing is to make sure that the group has execute permissions on the scripts, so that you can execute them.
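An added example, not part of the original answer: a POSIX shell audit of the files a sudoers wildcard such as script-*.sh matches. It checks that the group can execute each script and that the invoking user cannot change what the wildcard matches. The function names are hypothetical, and the directory, pattern and invoking user are passed as arguments.

```shell
# Added example: audit what a sudoers wildcard rule matches (parses `ls -ld` only).

# perm_char PATH N -> Nth character of the ls mode string (e.g. -rwxr-x---)
perm_char() {
    ls -ld -- "$1" | cut -c"$2"
}

# audit_script FILE -> prints findings; returns 1 if any, else 0
audit_script() {
    rc=0
    case $(perm_char "$1" 7) in
        x|s) ;;
        *) echo "$1: group has no execute permission"; rc=1 ;;
    esac
    if [ "$(perm_char "$1" 6)" = w ] || [ "$(perm_char "$1" 9)" = w ]; then
        echo "$1: writable by group or others"; rc=1
    fi
    return $rc
}

# audit_dir DIR INVOKER -> flags a directory the invoking user can add files to
audit_dir() {
    rc=0
    if [ "$(ls -ld -- "$1" | awk '{print $3}')" = "$2" ]; then
        echo "$1: owned by $2, who can add files the wildcard will match"; rc=1
    fi
    if [ "$(perm_char "$1" 6)" = w ] || [ "$(perm_char "$1" 9)" = w ]; then
        echo "$1: writable by group or others"; rc=1
    fi
    return $rc
}

# audit_rule DIR PATTERN INVOKER -> audits the directory and every matching file
audit_rule() {
    bad=0
    audit_dir "$1" "$3" || bad=1
    for f in "$1"/$2; do
        [ -e "$f" ] || continue
        audit_script "$f" || bad=1
    done
    return $bad
}

# Stand-alone use: sh audit.sh /opt/renovations/var 'script-*.sh' beans
if [ $# -eq 3 ]; then audit_rule "$@"; fi
```

A non-zero exit status means at least one finding was printed.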