sudo access

_mz · 03-12-2014, 03:31 AM

Hi Guys,

I need to create a normal user where the user can su to other normal user (sysadm - this user has special privileges) without password as I need to remove any possibility that IDs got locked, password changes and not to give him any hints on our password pattern.

For example:

test-user@lnxtest:~> sudo su - sysadm
test-user's password: <-- bypass this

I tried to play around with sudoers file but no hint since now.

acid_kewpie · 03-12-2014, 03:37 AM

"sudo su -" utterly undermines the security of sudo and su. You're using sudo to become root to then run su to become a third user? wtf? I know it's a very common thing to do, but it's insane.

"sudo -i -u sysadm" will achieve the same thing properly. sudo will simulate an initial login for the given user and be aware of it.

And for the password part, I believe you can have a sudoers entry of:

Code:

test-user     ALL=(sysadm) NOPASSWD: /bin/bash