sudoers error message “command not allowed”
I have the following line in /etc/sudoers on Solaris:
alcrciad ALL=(sacimso) NOPASSWD:/bin/find /opt/bns/saci///* \\( -type d ! -name config -a -type d ! -name secure \\) -prune -user sacimso -exec rm -rf {} \\;
When I executed the following command, it prompted for password:
bash-3.2$ id
uid=29533(alcrciad) gid=8451(alcrgrp)
bash-3.2$ sudo -u sacimso /bin/find /opt/bns/saci///* \( -type d ! -name config -a -type d ! -name secure \) -prune -user sacimso -exec rm -rf {} \;
Password:
the log messages showed thtat the command is not allowed:
Dec 18 16:41:15 server1 sudo: [ID 702911 auth.alert] alcrciad : command not allowed ; TTY=pts/24 ; PWD=/opt/apps/algo/alcr5/alcrciad/sacimsoDeploy-IST1/saci-release-ist1/saci-0.7.0.3/config ; USER=sacimso ; COMMAND=/bin/find /opt/bns/saci///AlgoService-2.0.jar /opt/bns/saci///AlgoService-2.0.jar.20190411 /opt/bns/saci///AlgoService-2.0.jar.20200917 /opt/bns/saci///AlgoService-2.0.jar.20200921 /opt/bns/saci///AlgoService-2.0.jar.ALGOCREDIT-1561 /opt/bns/saci///AlgoService-2.0.jar.BAK20201210 /opt/bns/saci///AlgoService-2.0.jar.prod /opt/bns/saci///AlgoService-2.0_back.jar /opt/bns/saci///algox-intraday /opt/bns/saci///apps /opt/bns/saci///bin /opt/bns/saci///build /opt/bns/saci///build.xml /opt/bns/saci///certs /opt/bns/saci///config /opt/bns/saci///deals /opt/bns/saci///derby.log /opt/bns/saci///java /opt/bns/saci///lib /opt/bns/saci///logs /opt/bns/saci///mqjms.log /opt/bns/saci///mqjms.log.0 /opt/bns/saci///mqjms.log.0.1 /opt/bns/saci///mqjms.log.0.1.lck /opt/bns/saci///mqjms.log.0.lck
Dec 18 16:41:15 server1 sudo: [ID 702911 auth.alert] alcrciad : (command continued) /opt/bns/saci///mqjms.log.1 /opt/bns/saci///mqjms.log.1.1 /opt/bns/saci///mqjms.log.2 /opt/bns/saci///mqjms.log.2.1 /opt/bns/saci///mqjms.log.lck /opt/bns/saci///report /opt/bns/saci///schema.xsd /opt/bns/saci///solaris.ibm.jre.7 /opt/bns/saci///src /opt/bns/saci///test /opt/bns/saci///wsdl.xml ( -type d ! -name config -a -type d ! -name secure ) -prune -user sacimso -exec rm -rf {} ;
Tagged:
0