From: Chris Cowart
To: bsd
Cc: Liste FreeBSD
Date: Fri, 11 Sep 2009 13:15:28 -0700
Subject: Re: sudo script not executing
Message-ID: <20090911201527.GE37291@hal.rescomp.berkeley.edu>
In-Reply-To: <08AA332C-6F99-4B28-B391-92616C0602F1@todoo.biz>
Organization: RSSP-IT, UC Berkeley

bsd wrote:
> I have an sh script that is called by the "www" process which has a
> shell that defaults to /sbin/nologin
>
> I have configured the sudoers file with these settings:
>
> www ALL=(www) NOPASSWD: /usr/local/bin/postfixadmin-domain-postdeletion.sh
>
>
> And it does not seem to be able to execute?
>
>
> > Sorry, user www is not allowed to execute
> > '/usr/local/bin/postfixadmin-mailbox-postdeletion.sh y@test.com test.com'
> > as www on newmail.rmm.fr.
>
> The file I am trying to delete is also owned by a non privileged
> user? ??

The user www is www, so you shouldn't need to sudo to run as that
account. Did you mean to set up the rule for the postfix user? Or a
postfix target account?

That said, I think what you typed should have worked. You shouldn't have
seen "www is not allowed to execute ... as www", because your sudoers
file says otherwise.

Assuming your account has full sudo, what do you see if you type:

    $ sudo -u www sudo -l

Hopefully, because of the NOPASSWD in there, you won't have to produce
www's password.

Is your script (postfixadmin-domain-postdeletion.sh) readable and
executable by user www?

Do you have any trailing characters or something on the line with your
sudo rule which might make sudo think you've typed a literal command
with arguments instead of a command that can be run with arbitrary
arguments?

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
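
Added example, not part of Chris Cowart's message: a simplified Python model of how sudoers matches a command spec (a bare path allows any arguments, `""` allows none, anything else must match the arguments), run on the rule and the rejected command quoted above. The helper names are hypothetical, the `""` variant is constructed, and real sudo applies further checks (user, host, runas, path wildcard rules) that this sketch leaves out.

```python
import fnmatch
import shlex


def parse_cmnd(spec):
    """Split a sudoers command spec into (path, args); args None means any."""
    parts = shlex.split(spec)
    path, rest = parts[0], parts[1:]
    if not rest:
        return path, None            # bare path: arbitrary arguments allowed
    if rest == [""]:
        return path, ""              # "" in sudoers: no arguments allowed
    return path, " ".join(rest)      # otherwise the arguments must match this


def check(spec, invocation):
    """Return 'allowed', 'path mismatch' or 'args mismatch' for one rule."""
    path, want = parse_cmnd(spec)
    argv = shlex.split(invocation)
    if not fnmatch.fnmatchcase(argv[0], path):
        return "path mismatch"
    if want is None:
        return "allowed"
    got = " ".join(argv[1:])
    return "allowed" if fnmatch.fnmatchcase(got, want) else "args mismatch"


# Command spec from the sudoers rule quoted in the thread.
RULE = "/usr/local/bin/postfixadmin-domain-postdeletion.sh"
# Command line from the "not allowed to execute" message quoted in the thread.
DENIED = "/usr/local/bin/postfixadmin-mailbox-postdeletion.sh y@test.com test.com"
# Constructed: the script named in the rule, called with one argument.
SAME_SCRIPT = "/usr/local/bin/postfixadmin-domain-postdeletion.sh test.com"
# Constructed: the same rule with a trailing "" left on the line.
RULE_NO_ARGS = RULE + ' ""'

if __name__ == "__main__":
    for spec, call in [(RULE, DENIED), (RULE, SAME_SCRIPT),
                       (RULE_NO_ARGS, SAME_SCRIPT)]:
        print(f"{check(spec, call):14} rule={spec!r} call={call!r}")
```

On the host itself, the `sudo -l` output for www remains the authoritative view of how sudo parsed the rule.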