This command fails on OpenSuSE 11.4:

root@host# sudo -S -u "coreapp_customer1_d" -g "coreapp_customer1_d"  /bin/bash -l -c "mkdir -p /home/coreapp_customer1_d/.ssh"

with this message:

Sorry, user root is not allowed to execute 
'/bin/bash -l -c mkdir -p /home/coreapp_customer1_d/.ssh' 
as coreapp_customer1_d:coreapp_customer1_d
on workdevel114.

but it works on OpenSuSE 12.3.

I compared the /etc/sudoers file of both systems, and (except for comment lines) they are the same.

  • 2
    I would say not "root is not allowed to execute it", but the user you are trying to execute as (coreapp_customer1_d:coreapp_customer1_d) is not allowed to do this. Check the permissions of /home/coreapp_customer1_d and /home/coreapp_customer1_d/.ssh
    – Tim
    Commented Oct 11, 2013 at 7:55

2 Answers 2


I had this problem myself and could solve it with

root    ALL=(ALL:ALL) ALL

in visudo. The important part being :ALL. The sudoers man page says this:

In the following example, user tcm may run commands that access a modem device file with the dialer group.

tcm boulder = (:dialer) /usr/bin/tip, /usr/bin/cu,\ /usr/local/bin/minicom

Note that in this example only the group will be set, the command still runs as user tcm. E.g.

$ sudo -g dialer /usr/bin/cu

In my context using -g was the whole point since I wanted to know what a group can write to with:

sudo -u nobody -g some_group find . -writable 2> /dev/null > /tmp/some_group_writable.txt

I found a work around myself:

In my context the -g option (group) is not needed. If the command gets called without it, it works on the old distribution.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .