We are using devtoolset-3 on RHEL6.6. Users run scl enable devtoolset-3 bash in order to access an environment with all the devtoolset-3 tools.
I would like to allow users to run a subset of commands as root. The normal way to do this is to use sudo with a sudoers file containing a command alias with a list of commands you want the user to be able to execute as root.
I have tried various combinations but I can't come up with the right recipe.
Below are some of the things I have tried:
Attempt 1:
I create a command alias:
Cmnd_Alias ALLOWEDCOMMANDS=/usr/bin/pkill <process name>
Cmnd_Alias ALLOWEDCOMMANDS=/usr/bin/pkill andand then allow members of myGroup to execute those commands without a password
%myGroup ALL=(ALL) NOPASSWD:SETENT: ALLOWEDCOMMANDS
%myGroup ALL=(ALL) NOPASSWD:SETENT: ALLOWEDCOMMANDS WithWith that setup if I try and run sudo pkill <some_process_name> I get:
Sorry, user is not allowed to execute '/usr/bin/scl enable devtoolset-3 'pkill' '<some_process_name>'' as root
Sorry, user is not allowed to execute '/usr/bin/scl enable devtoolset-3 'pkill' '<some_process_name>'' as root AttemptAttempt 2:
I modified the sudoers file to have the complete command:
Cmnd_Alias ALLOWEDCOMMANDS=/usr/bin/scl enable devtoolset-3 pkill <some_process_name>
Cmnd_Alias ALLOWEDCOMMANDS=/usr/bin/scl enable devtoolset-3 pkill <some_process_name> butbut I still get the same error.
Attempt 3:
If I list /usr/bin/scl/usr/bin/scl as an allowed command then the user is allowed to execute any command as root in an scl enabled environment.
Can anyone come up with a reliable way to allow users to run a certain list of commands in a scl enabled shell?
