Running a command on linux under sudo -u

nancycarden
Kilo Contributor

‎10-31-2016 11:08 AM

In discovering Oracle instances on Linux servers, read permission is required to read the configuration files and run permission is required to run {ORA_HOME}/bin/lsnrctl. Our security folks want to accomplish this by granting our discovery account the ability to run the scripts under sudo by specifying the account like so:

(oracle) NOPASSWD: /tmp/snc-*-oracle_instance.sh *, /tmp/oracle_instance.sh *, (oracle) /tmp/snc-*-oracle_listener.sh *, /tmp/oracle_listener.sh *

I modified the probe ECC queue name several different ways in order to get this to work. I set the must_sudo param to false and changed the ECC queue name to:

sudo -u oracle sh ${file:oracle_instance.sh} ${sid}

but that didn't work. The only way I could get it to work was to copy the script file down to /tmp on the target server, set must_sudo to false, and modify the ECC queue name to reference the script file directly:

sudo -u oracle sh ${file:/tmp/oracle_instance.sh} ${sid}

Not exactly a workable solution. Does anyone know of a way to make this work?

thanks in advance!

Nancy

Labels:
0 Helpfuls
  • 2,306 Views
13 REPLIES 13

evanqu
ServiceNow Employee
ServiceNow Employee
In response to nancycarden

‎11-01-2016 08:57 AM

Yes, that will apply to all 'sudo' transactions.



Mid server assumes that on one target machine, one privileged command is enough for all transactions. So in this case, you may want to have a script act as a "customized sudo", let's call the script "mySudo". In the script, you have some logic like this:


       


        If it's oracle


                  Run "sudo -u oracle xxxx"


        else


                  Run "sudo xxxx"



And you can set "mid.ssh.privileged_commands" to "mySudo". Not sure if this works for you, but requiring multiple privileged commands on one machine is bad practice and it's not recommended.



Thanks


-Evan


0 Helpfuls

humblecommitted
Kilo Guru
In response to evanqu

‎02-17-2017 02:17 PM

where do you configure this script and who do you point the "mid.ssh.privileged_commands" to it?


0 Helpfuls

robm
Kilo Expert

‎06-12-2018 12:09 PM

Did you ever get this figured out, I'm currently trying to do sudo -u oracle but am getting 

-u: not found [No such file or directory]. It seems there's something odd about the way SN executes things as sudo

0 Helpfuls

Henrik Jutterst
Tera Guru

‎10-15-2020 06:06 AM

Hi there all.

Found this post, looking for exactly the same thing 🙂 

I solved it and pasted my solution here: Running script file from Pattern as another user using sudo -u command

 

0 Helpfuls