SUDO to wasadmin minus some commands

[kjsys1]

We running AIX 5.3, I want to allow a few users to sudo to wasadmin (and wasadmin owns everything under "/usr/WebSphere/AppServer"), yet I do want them to be able to update certain config files in that filesystem, is there a way to set that up in the sudoers file?

 

[columb]

You have to be careful. At first sight something like

%someusers myhost = (wasadmin)  /usr/bin/vi /usr/WebSphere/AppServer/config_file

seems to fit the bill but the users can beak out of vi into a shell which is not what you want.

How about giving the users the ability to edit /tmp/config_file and then adding the line

%someusers myhost = (wasadmin)  /usr/bin/cp /tmp/config_file %someusers myhost = (wasadmin)  /usr/bin

or, better still, write a script which does

cp /usr/WebSphere/AppServer/config_file /usr/WebSphere/AppServer/config_file.$(date +%y%m%d_%H%M)
cp /tmp/config_file /usr/WebSphere/AppServer/config_file

and allow the users to run that under sudo.

Ceci n'est pas une signature
Columb Healy