Thank you for the answer. The problem I have is that "user1" needs "su" privilege. If I grant "su" privilege, it can "su" to anyone. What I want is that user1 can ONLY "su" to user2.

My /etc/sudoers setup:

    # User privilege specification
    root    ALL=(ALL) ALL
    user1   ALL=(root) /bin/su

Any idea how to fix it?

--- On Wed, 10/8/18, Jay Leafey <jay.leafey@xxxxxxxxxxxx> wrote:

> From: Jay Leafey <jay.leafey@xxxxxxxxxxxx>
> Subject: Re: how to setup account which can 'su" to another account (NON-root)?
> To: "CentOS mailing list" <centos@xxxxxxxxxx>
> Date: Wednesday, August 18, 2010, 8:05 PM
>
> mcclnx mcc wrote:
> > We have CENTOS 5.2 on a DELL server. We need to allow a user to "su" to another user without a password.
> >
> > For example:
> >
> > account user1 can "su - user2" without a password. (user2 is NOT root)
> >
> > I know this is a big security risk but .... Anyone know how to do it?
> >
> > Thanks.
> >
>
> Check out the sudo command. You can alter the /etc/sudoers file to specify that the "source" user can only run a command as a specified "runas" user. The syntax would look something like:
>
>     sourceuser ALL = ( runasuser ) command
>
> Let's say you wanted the user "bob" to be able to run the "grep" command as user "fred". The following line could be added to the /etc/sudoers file:
>
>     bob ALL = ( fred ) /bin/grep
>
> "bob" would use the sudo command to execute the grep command:
>
>     sudo -u fred /bin/grep 'stuff' logfile
>
> This is a simplistic example, check the man pages for "sudo" and "sudoers" for more information.
> --
> Jay Leafey - jay.leafey@xxxxxxxxxxxx
> Memphis, TN
>
> -----The following attachments are included-----
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
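
Added example, not part of the thread: in sudoers, a command listed without arguments may be run with any arguments, so an su entry limits the target account only when its arguments are spelled out. The script below audits constructed sample rules for su entries that leave the arguments open; the users user3 to user5 and the function names are assumptions of the example.

```shell
#!/bin/sh
# Constructed sample; only the root and user1 lines come from the post above.
sample_sudoers() {
cat <<'EOF'
# User privilege specification
root    ALL=(ALL) ALL
user1   ALL=(root) /bin/su
user3   ALL=(root) NOPASSWD: /bin/su - user2
user4   ALL=(user2) NOPASSWD: /bin/bash
user5   ALL=(root) /bin/su - *
EOF
}

# Read sudoers text on stdin and print "user<TAB>reason" for each rule that
# runs su as root with caller-chosen arguments. Aliases, #include files and
# blanket "ALL" command grants are outside this check (assumption of the example).
audit_su_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
    {
        user = $1
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)          # strip "user host ="
        runas = "root"                          # default when no (runas) list is given
        if (match(spec, /^\([^)]*\)/)) {
            runas = substr(spec, 2, RLENGTH - 2)
            spec = substr(spec, RLENGTH + 1)
        }
        if (runas !~ /(^|[ ,:])(root|ALL)([ ,:]|$)/) next
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            c = cmds[i]
            sub(/^[ \t]*([A-Z_]+:[ \t]*)+/, "", c)  # strip tags such as NOPASSWD:
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c !~ /^(\/usr)?\/bin\/su([ \t]|$)/) continue
            args = c
            sub(/^[^ \t]+[ \t]*/, "", args)
            if (args == "")
                print user "\tany arguments allowed"
            else if (args ~ /[*?]/ || index(args, "["))
                print user "\twildcard in arguments: " args
        }
    }'
}

sample_sudoers | audit_su_rules
```

In the sample, the user3 and user4 lines pass the audit: one pins the su arguments to "- user2", the other uses user2 as the runas user so that root is never involved.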