Running commands in a specified role with sudo
When a user has been assigned multiple roles, they usually work with their primary role (such as staff_r) and only selectively execute commands with the other role. This can be accomplished through the sudo command, as these commands usually also require a different Linux user (which can be root or the postgresql account for DBA tasks on the PostgreSQL database server).
How to do it…
In order to configure sudo to perform the right role and type transition, execute the following steps:

1. Open up the sudoers file through visudo:

   ~# visudo

2. Define the commands that the user(s) are allowed to execute. For instance, to allow all users in the dba group to call initdb in the dbadm_r role, define the commands as follows:

   %dba ALL=(postgres) ROLE="dbadm_r" TYPE="dbadm_t" /usr/sbin/initdb

3. The users in the dba group can now call initdb, and sudo will automatically switch to the dbadm_r role and the dbadm_t user domain when initdb is called:

   ~$ sudo -u postgres...
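
To review which sudoers rules carry the ROLE and TYPE options shown in the steps above, the following added example (not part of the original recipe) parses single-line rules and lists those that switch Linux user without naming both a role and a type. The function names and the second sample rule are constructed for illustration; the parser is a simplification that ignores aliases, line continuations and role/type values set through Defaults.

```python
import re

# Simplified matcher for single-line user specifications:
#   who host=(runas) [ROLE=..] [TYPE=..] [TAG:]... command
RULE = re.compile(r'^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*'
                  r'(?:\((?P<runas>[^)]*)\)\s*)?(?P<rest>.+)$')
OPTION = re.compile(r'^(ROLE|TYPE)="?([^"\s]+)"?\s+')
TAG = re.compile(r'^[A-Z_]+:\s*')
SKIP = ('#', 'Defaults', 'User_Alias', 'Runas_Alias', 'Host_Alias', 'Cmnd_Alias')

def parse_rules(text):
    """Return one dict per rule with its run-as user, SELinux role/type and command."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m:
            continue
        rest, spec = m.group('rest'), {'ROLE': None, 'TYPE': None}
        while True:
            opt = OPTION.match(rest)
            if opt:                      # ROLE=... or TYPE=..., quotes optional
                spec[opt.group(1)] = opt.group(2)
                rest = rest[opt.end():]
            elif TAG.match(rest):        # tags such as NOPASSWD:
                rest = TAG.sub('', rest, count=1)
            else:
                break
        rules.append({'who': m.group('who'), 'runas': m.group('runas'),
                      'role': spec['ROLE'], 'type': spec['TYPE'], 'command': rest})
    return rules

def missing_transition(rules):
    """Rules that switch Linux user but do not name both a role and a type."""
    return [r for r in rules if r['runas'] and not (r['role'] and r['type'])]

# Constructed sample: the first rule is the one from the recipe, the second is
# a hypothetical rule that omits the role and type.
SAMPLE = '''
# DBA rules
%dba ALL=(postgres) ROLE="dbadm_r" TYPE="dbadm_t" /usr/sbin/initdb
%dba ALL=(postgres) NOPASSWD: /usr/bin/pg_ctl status
'''

if __name__ == '__main__':
    for rule in missing_transition(parse_rules(SAMPLE)):
        print('no ROLE/TYPE:', rule['who'], rule['command'])
```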