[CentOS] how to setup account which can 'su" to another account (NON-root)?

Jay Leafey jay.leafey at mindless.com
Thu Aug 19 00:05:48 UTC 2010


mcclnx mcc wrote:
> we have CENTOS 5.2 on DELL server.  we need allow a user can "su" to another user without password.
> 
> for example:
> 
> account user1 can "su - user2" without password.   (user2 is NOT root)
> 
> I know this is big security risk but ....  Anyone know how to do it?
> 
> Thanks.
> 

Check out the sudo command.  You can alter the /etc/sudoers file to 
specify that the "source" user can only run a command as a specified 
"runas" user.  The syntax would look something like:

sourceuser ALL = ( runasuser ) command

Let's say you wanted the user "bob" to be able to run the "grep" command 
as user "fred".  The following line could be added to the /etc/sudoers file:

bob ALL = ( fred ) /bin/grep

"bob" would use the sudo command to execute the grep command:

sudo -u fred /bin/grep 'stuff' logfile

This is a simplistic example, check the man pages for "sudo" and 
"sudoers" for more information.
-- 
Jay Leafey - jay.leafey at mindless.com
Memphis, TN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3274 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20100818/b7b5ca07/attachment.bin>


More information about the CentOS mailing list