Better still would be

user1 (ALL)=user2 /bin/bash

Leave off su entirely and

sudo -H user2 -i

as user1

On 19 Aug 2010 15:57, "mcclnx mcc" <mcclnx@yahoo.com.tw> wrote:
> This work correctly.  Thanks.
>
> --- 10/8/19 (四),John Kennedy <skebi69@gmail.com> 寫道:
>
> 寄件者: John Kennedy <skebi69@gmail.com>
> 主旨: Re: [CentOS] how to setup account which can 'su" to another account (NON-root)?
> 收件者: "CentOS mailing list" <centos@centos.org>
> 日期: 2010年8月19日,四,上午10:00
>
>
>
> On Thu, Aug 19, 2010 at 9:56 AM, mcclnx mcc <mcclnx@yahoo.com.tw> wrote:
>
> Thank you for answer.  The problem I have is "user1" need "su" privilege.  If I grant "su" privilege, it can "su" to anyone.  What I want is user1 can ONLY "su" to user2.
>
>
>
>
> my /etc/sudoers setup:
>
>
>
>  # User privilege specification
>
> root    ALL=(ALL) ALL
>
> user1   ALL=(root) /bin/su
>
>
>
>
>
> any ideal to fix it?
>
>
>
>
>
>
> Use complete command like this:user1 ALL=(root) /bin/su - user2This will limit user1 to that specific command. You can add -NOPASSWD and user1 will not have to enter their password.
> John--
>  John Kennedy
>
>
>
> -----內含下列夾帶檔案-----
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
>
>