Running a command on linux under sudo -u
‎10-31-2016 11:08 AM
In discovering Oracle instances on Linux servers, read permission is required to read the configuration files and run permission is required to run {ORA_HOME}/bin/lsnrctl. Our security folks want to accomplish this by granting our discovery account the ability to run the scripts under sudo by specifying the account like so:
(oracle) NOPASSWD: /tmp/snc-*-oracle_instance.sh *, /tmp/oracle_instance.sh *, (oracle) /tmp/snc-*-oracle_listener.sh *, /tmp/oracle_listener.sh *
I modified the probe ECC queue name several different ways in order to get this to work. I set the must_sudo param to false and changed the ECC queue name to:
sudo -u oracle sh ${file:oracle_instance.sh} ${sid}
but that didn't work. The only way I could get it to work was to copy the script file down to /tmp on the target server, set must_sudo to false, and modify the ECC queue name to reference the script file directly:
sudo -u oracle sh ${file:/tmp/oracle_instance.sh} ${sid}
Not exactly a workable solution. Does anyone know of a way to make this work?
thanks in advance!
Nancy
Labels: Service Mapping
‎11-01-2016 08:57 AM
Yes, that will apply to all 'sudo' transactions.
Mid server assumes that on one target machine, one privileged command is enough for all transactions. So in this case, you may want to have a script act as a "customized sudo", let's call the script "mySudo". In the script, you have some logic like this:
If it's oracle
Run "sudo -u oracle xxxx"
else
Run "sudo xxxx"
And you can set "mid.ssh.privileged_commands" to "mySudo". Not sure if this works for you, but requiring multiple privileged commands on one machine is bad practice and it's not recommended.
Thanks
-Evan
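
A sketch of the "mySudo" wrapper described in the reply above, added here as an example; it is not the poster's or ServiceNow's code. It assumes the wrapper is invoked as `mySudo <command> [args...]`, reuses the script names from the sudoers line in the question, and the function names are hypothetical.

```shell
#!/bin/sh
# mySudo: hypothetical wrapper used as the single privileged command.
# Assumption: it is invoked as `mySudo <command> [args...]`.
# It only selects the target account; sudoers still decides what may run.

# Print "oracle" when the command is one of the Oracle discovery scripts
# named in the sudoers line from the question, otherwise "default".
mysudo_target_user() {
    # The question runs the script through `sh`, so look past that word.
    if [ "$1" = "sh" ]; then shift; fi
    dir=${1%/*}      # directory part of the path
    base=${1##*/}    # file name part of the path
    # Only files directly in /tmp qualify; nested or relative paths do not.
    if [ "$dir" != "/tmp" ]; then echo default; return 0; fi
    case "$base" in
        snc-*-oracle_instance.sh | oracle_instance.sh) echo oracle ;;
        snc-*-oracle_listener.sh | oracle_listener.sh) echo oracle ;;
        *) echo default ;;
    esac
}

mysudo_main() {
    # Arguments are passed through as separate words, never re-parsed by eval.
    if [ "$(mysudo_target_user "$@")" = "oracle" ]; then
        exec sudo -u oracle -- "$@"
    else
        exec sudo -- "$@"
    fi
}

# Run only when given a command, so the file can also be sourced for testing.
if [ "$#" -gt 0 ]; then mysudo_main "$@"; fi
```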
‎02-17-2017 02:17 PM
Where do you configure this script and how do you point the "mid.ssh.privileged_commands" to it?
‎06-12-2018 12:09 PM
Did you ever get this figured out? I'm currently trying to do sudo -u oracle but am getting
-u: not found [No such file or directory]. It seems there's something odd about the way SN executes things as sudo.

‎10-15-2020 06:06 AM
Hi there all.
Found this post, looking for exactly the same thing 🙂
I solved it and pasted my solution here: Running script file from Pattern as another user using sudo -u command