Perhaps something like this in /etc/sudoers might fit the bill.
Code:
##
# User alias specification
##
#can add users separated by a comma; user1, user2, etc.
User_Alias ALLOWEDUSERS = testuser1
##
# Runas alias specification
##
Runas_Alias XCLOCK = ssh1sgp
#users in the ALLOWEDUSERS list can run the /usr/bin/xclock command with sudo; run as ssh1sgp user.
ALLOWEDUSERS ALL = (XCLOCK) NOPASSWD: /usr/bin/xclock
I gathered understanding of sudoers by reading the following two articles after googling "sudoers nopasswd example".
http://www.gratisoft.us/sudo/sudoers.man.html
http://www.gratisoft.us/sudo/sample.sudoers
You can run as like so,
Code:
sudo -u ssh1sgp /usr/bin/xclock
And it will execute.
Alternatively you can replace ALLOWEDUSERS alias with %groupname so that any user in a particular group can run that command. Adding -b option will run the command in the background, see the sudo man page for more information.
su - user -c "XYZ" will always prompt you for a password even if you're attempting to run the with the current user. The only exception to that rule is root. sudoers can also handle this if you really want but be very careful to specify the full command and options which you want to execute as root so that way your security is as tight as it *could* be.
Code:
#users in the ALLOWEDUSERS list can run subshell a command to user ssh1sgp as root without requiring a password.
ALLOWEDUSERS ALL = (root) NOPASSWD: /bin/su - ssh1sgp -c "/usr/bin/xclock"
I believe that's what you were looking for. All of that information can be found in the sudo manual I linked to you above.
It's best practice to provide the full path to binaries (i.e. /bin/ls rather than ls) when setting up your sudoers file to minimize the risk of a user executing sudo ls without a password outside of its intended purpose (namely a cron job or the like).
SAM