sudoers - allow user to ssh as another user and run a specific command
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I am writing a Bash script to manage various JBoss instances across multiple servers and I can't seem to get my head around one particular issue. I have spent hours searching the internet but am probably more confused now than when I started off.
The script allows users to check the status of each instance as well as stop/start them. The script is situated in /opt
and then for the stop/start part, it passes arguments to a child script situated under each /jboss/bin
directory.
The users who are allowed to stop/stop already have permissions to run anything as the application user (jbossuser
) and that user has ssh keys set up for the other servers. I have had no issues getting this part of the functionality to work.
I would like to allow any user (namely those who don't have the permissions to execute as the application user) to be able to check the status of each instance. For that I have:
status()
pid=$(ssh -q -t jbossuser@$server "ps -ef
If the script hasn't be run with sudo -u jbossuser ./script.sh
, which the standard users are not allowed to do, it prompts for jbossuser's password.
I know I need to add something to the sudoers file to allow those users to run this specific command, but I am not sure what I need to add. I have got as far as:
user ALL=(jbossuser) NOPASSWD: /usr/bin/ssh
But I want to restrict them to only be allowed to ssh to a handful of servers, only as jbossuser
and limited to that ps -ef
command.
Any help would be greatly appreciated :)
ssh rhel sudo remote
New contributor
add a comment |Â
up vote
0
down vote
favorite
I am writing a Bash script to manage various JBoss instances across multiple servers and I can't seem to get my head around one particular issue. I have spent hours searching the internet but am probably more confused now than when I started off.
The script allows users to check the status of each instance as well as stop/start them. The script is situated in /opt
and then for the stop/start part, it passes arguments to a child script situated under each /jboss/bin
directory.
The users who are allowed to stop/stop already have permissions to run anything as the application user (jbossuser
) and that user has ssh keys set up for the other servers. I have had no issues getting this part of the functionality to work.
I would like to allow any user (namely those who don't have the permissions to execute as the application user) to be able to check the status of each instance. For that I have:
status()
pid=$(ssh -q -t jbossuser@$server "ps -ef
If the script hasn't be run with sudo -u jbossuser ./script.sh
, which the standard users are not allowed to do, it prompts for jbossuser's password.
I know I need to add something to the sudoers file to allow those users to run this specific command, but I am not sure what I need to add. I have got as far as:
user ALL=(jbossuser) NOPASSWD: /usr/bin/ssh
But I want to restrict them to only be allowed to ssh to a handful of servers, only as jbossuser
and limited to that ps -ef
command.
Any help would be greatly appreciated :)
ssh rhel sudo remote
New contributor
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am writing a Bash script to manage various JBoss instances across multiple servers and I can't seem to get my head around one particular issue. I have spent hours searching the internet but am probably more confused now than when I started off.
The script allows users to check the status of each instance as well as stop/start them. The script is situated in /opt
and then for the stop/start part, it passes arguments to a child script situated under each /jboss/bin
directory.
The users who are allowed to stop/stop already have permissions to run anything as the application user (jbossuser
) and that user has ssh keys set up for the other servers. I have had no issues getting this part of the functionality to work.
I would like to allow any user (namely those who don't have the permissions to execute as the application user) to be able to check the status of each instance. For that I have:
status()
pid=$(ssh -q -t jbossuser@$server "ps -ef
If the script hasn't be run with sudo -u jbossuser ./script.sh
, which the standard users are not allowed to do, it prompts for jbossuser's password.
I know I need to add something to the sudoers file to allow those users to run this specific command, but I am not sure what I need to add. I have got as far as:
user ALL=(jbossuser) NOPASSWD: /usr/bin/ssh
But I want to restrict them to only be allowed to ssh to a handful of servers, only as jbossuser
and limited to that ps -ef
command.
Any help would be greatly appreciated :)
ssh rhel sudo remote
New contributor
I am writing a Bash script to manage various JBoss instances across multiple servers and I can't seem to get my head around one particular issue. I have spent hours searching the internet but am probably more confused now than when I started off.
The script allows users to check the status of each instance as well as stop/start them. The script is situated in /opt
and then for the stop/start part, it passes arguments to a child script situated under each /jboss/bin
directory.
The users who are allowed to stop/stop already have permissions to run anything as the application user (jbossuser
) and that user has ssh keys set up for the other servers. I have had no issues getting this part of the functionality to work.
I would like to allow any user (namely those who don't have the permissions to execute as the application user) to be able to check the status of each instance. For that I have:
status()
pid=$(ssh -q -t jbossuser@$server "ps -ef
If the script hasn't be run with sudo -u jbossuser ./script.sh
, which the standard users are not allowed to do, it prompts for jbossuser's password.
I know I need to add something to the sudoers file to allow those users to run this specific command, but I am not sure what I need to add. I have got as far as:
user ALL=(jbossuser) NOPASSWD: /usr/bin/ssh
But I want to restrict them to only be allowed to ssh to a handful of servers, only as jbossuser
and limited to that ps -ef
command.
Any help would be greatly appreciated :)
ssh rhel sudo remote
ssh rhel sudo remote
New contributor
New contributor
New contributor
asked 2 mins ago
hshah
101
101
New contributor
New contributor
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
hshah is a new contributor. Be nice, and check out our Code of Conduct.
hshah is a new contributor. Be nice, and check out our Code of Conduct.
hshah is a new contributor. Be nice, and check out our Code of Conduct.
hshah is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478557%2fsudoers-allow-user-to-ssh-as-another-user-and-run-a-specific-command%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password