LinuxQuestions.org


terrytibbs 05-22-2010 09:41 AM

Quick sudo question
 
Can you set a user to su to another user without a password?

i.e., I am logged in as userA and I want to su to userB without a password.

A colleague is suggesting NOPASSWD in the sudoers file, but this just stops you having to enter userA's password, not userB's password?

Any help would be appreciated.

Ta

EricTRA 05-22-2010 09:47 AM

Hi,

You could use su - to assume root rights, which will ask you for your password (if you're in the sudoers list). From there you can su to any user without having to type the password.

It's also pretty insecure to assume that level of 'user hopping' when you're not root. One user shouldn't be allowed to switch to another user like that; it's better to set permissions at the file level.

Kind regards,

Eric

kbp 05-22-2010 09:49 AM

Your colleague is correct, add something like the following to /etc/sudoers:

Code:

userA  ALL=(ALL) NOPASSWD: /bin/su - userB

Then you use the command:

Code:

sudo su - userB

@EricTRA: we see this pretty often where users need to su to a service account, like 'oracle'

cheers
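
Added example (not from any poster in this thread): a small shell check a reviewer could run over sudoers-style lines to see whether a NOPASSWD `su` rule, like the one posted above, pins the target to a named non-root account. The names `audit_su_rules` and `sample_rules` and every sample line except the userA rule are constructed; it assumes one command per rule with no aliases or line continuations.

```shell
#!/bin/sh
# Added example: review sudoers-style lines for NOPASSWD rules that allow su.
# Verdicts:
#   PINNED        last argument is a named non-root account (e.g. "su - userB")
#   ROOT-CAPABLE  bare su, flags only, a wildcard, or root as the target
# Assumes one command per rule; aliases and line continuations are not handled.
audit_su_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    /NOPASSWD:/ {
        user = $1
        cmd = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmd)   # keep only the command and its arguments
        sub(/[ \t]+$/, "", cmd)
        n = split(cmd, part, " ")
        if (part[1] !~ /\/su$/) next         # only su rules are of interest here
        target = part[n]
        # sudoers matches any arguments when none are listed, so a bare
        # "/bin/su" lets the caller pick the target, root included.
        if (n == 1 || target ~ /^-/ || target ~ /[*?]/ || target == "root")
            verdict = "ROOT-CAPABLE"
        else
            verdict = "PINNED"
        print verdict, user, cmd
    }'
}

# Constructed sample input; only the userA rule appears in the thread.
sample_rules() {
    cat <<'EOF'
# constructed sudoers fragment
userA  ALL=(ALL) NOPASSWD: /bin/su - userB
userC  ALL=(ALL) NOPASSWD: /bin/su
userD  ALL=(ALL) NOPASSWD: /bin/su - *
userE  ALL=(ALL) NOPASSWD: /usr/bin/less /var/log/messages
EOF
}

sample_rules | audit_su_rules
```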

terrytibbs 05-22-2010 10:02 AM

Thanks guys.

EricTRA 05-22-2010 10:06 AM

Quote:

Originally Posted by kbp (Post 3977607)
Your colleague is correct, add something like the following to /etc/sudoers:

Code:

userA  ALL=(ALL) NOPASSWD: /bin/su - userB

Then you use the command:

Code:

sudo su - userB

@EricTRA: we see this pretty often where users need to su to a service account, like 'oracle'

cheers

Hello,

Thanks for the info; of course you're right. I didn't think that far since we don't have our users connecting on Linux level.

Kind regards,

Eric


All times are GMT -5.