[CentOS] how to setup account which can 'su" to another account (NON-root)?
Jay Leafey
jay.leafey at mindless.com
Thu Aug 19 00:05:48 UTC 2010
mcclnx mcc wrote:
> we have CENTOS 5.2 on DELL server. we need allow a user can "su" to another user without password.
>
> for example:
>
> account user1 can "su - user2" without password. (user2 is NOT root)
>
> I know this is big security risk but .... Anyone know how to do it?
>
> Thanks.
>
Check out the sudo command. You can alter the /etc/sudoers file to
specify that the "source" user can only run a command as a specified
"runas" user. The syntax would look something like:
sourceuser ALL = ( runasuser ) command
Let's say you wanted the user "bob" to be able to run the "grep" command
as user "fred". The following line could be added to the /etc/sudoers file:
bob ALL = ( fred ) /bin/grep
"bob" would use the sudo command to execute the grep command:
sudo -u fred /bin/grep 'stuff' logfile
This is a simplistic example, check the man pages for "sudo" and
"sudoers" for more information.
--
Jay Leafey - jay.leafey at mindless.com
Memphis, TN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3274 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20100818/b7b5ca07/attachment.bin>
More information about the CentOS
mailing list