On Thu, Aug 19, 2010 at 9:56 AM, mcclnx mcc <mcclnx@yahoo.com.tw> wrote:
Thank you for the answer.  The problem I have is that "user1" needs "su" privilege.  If I grant "su" privilege, it can "su" to anyone.  What I want is that user1 can ONLY "su" to user2.

My /etc/sudoers setup:

 # User privilege specification
root    ALL=(ALL) ALL
user1   ALL=(root) /bin/su


Any idea how to fix it?




Use the complete command, like this:
user1 ALL=(root) /bin/su - user2
This will limit user1 to that specific command. You can add -NOPASSWD and user1 will not have to enter their password.
John
--
 John Kennedy
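
The rules discussed in this thread, side by side, as an added example that is not part of the original messages. The user names and the /bin/su path come from the thread; the `(user2) ALL` alternative at the end is an addition that relies on standard sudoers run-as syntax.

```sudoers
# Too broad (the rule from the question): no arguments are listed, so
# /bin/su matches with ANY arguments. "sudo su - someoneelse" and
# "sudo su -" (a root shell) are both permitted.
# user1   ALL=(root) /bin/su

# Restricted: when arguments are listed, the invocation must match them
# exactly. "sudo su - user2" is allowed; "sudo su - root", "sudo su -l user2"
# and a bare "sudo su" are refused.
user1   ALL=(root) /bin/su - user2

# Same restriction without a password prompt. NOPASSWD is a tag written
# before the command and followed by a colon.
# user1   ALL=(root) NOPASSWD: /bin/su - user2

# Alternative that avoids su and root entirely: allow user1 to run
# commands as user2 only, then use "sudo -u user2 -i" for a login shell.
# user1   ALL=(user2) ALL
```

Edit the file with `visudo` (or check it with `visudo -c`) so a syntax error cannot lock out sudo, and run `sudo -l -U user1` as root to confirm exactly which commands the rule grants.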