I'm running SuseLinux10 (mostly like OpenSuse I think)

I have a script from which I need to call another script where the second script runs as a more privileged user (though not root) than the original user. The line is the script is:

/bin/su - priv_user -c "${classbin}/pcnew ${1} ${LOGNAME}"

Classbin could be absolute, but the args really need to remain variable.

Is this possible to set this up in the sudoer file so that the unprivileged user doesn't have to enter the password of the privileged user? I attempted it as best I understood the sudoer file, but it didn't work (still asks for a password in other words). Here's the important lines from my sudoer file:

Cmnd_Alias PC1240 = /bin/su - priv_user -c "${classbin}/pcnew ${1} ${LOGNAME}"

%1240 ALL=(ALL) NOPASSWD: PC1240

Thanks.

EDIT:

Screw this. I'm going to write a wrapper that calls the script and just set the SUID bit on the wrapper program.

After the NOPASSWD: instead of PC1240, try adding ALL.

I've gotten this working now. Here is what I did (with the help of people here) for future reference:

The trick was to use the following in the visudo file (with the things in caps being unique identifiers of your choice)

Cmnd_Alias CMD_NAME = /absolute/path/to/script.scr, /as/necessary/more/scripts.scr

Then also runas:

Runas_Alias RUNAS_NAME = user1, user2, user3

Then at the bottom:

%group ALL=(RUNAS_NAME) NOPASSWD: CMD_NAME



Finally, in the script file itself, I needed to use the syntax

sudo -u usertoswitchto ./script.scr arg1 arg2

Regardless if used only for testing purposes or not, that effectively disables any fine-grained control Sudo allows. Are you sure that's sound advice?