Hi
Biz_User needs to switch to Sales_User, and I tried following in sudoers: Biz_User ALL=(Sales_User) ALL
but I get following error when I run sudo su - Sales_User
"Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User' as root on Server_Name"
I know that if I add root in allowed users list, I can switch to other user , but in that way user can switch to root as well.
%Biz_Users ALL=(Sales_User,root) ALL
any better idea ?
centos@unixplanet.biz a écrit :
Hi
Biz_User needs to switch to Sales_User, and I tried following in sudoers: Biz_User ALL=(Sales_User) ALL
but I get following error when I run sudo su - Sales_User
"Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User' as root on Server_Name"
$ man sudo ... When - is used, it must be specified as the last su option. The other forms (-l and --login) do not have this restriction.
I know that if I add root in allowed users list, I can switch to other user , but in that way user can switch to root as well.
%Biz_Users ALL=(Sales_User,root) ALL
any better idea ?
On Fri, Oct 10, 2008 at 12:49:49PM -0400, centos@unixplanet.biz wrote:
Hi
Biz_User needs to switch to Sales_User, and I tried following in sudoers: Biz_User ALL=(Sales_User) ALL
but I get following error when I run sudo su - Sales_User
"Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User' as root on Server_Name"
What you gave him the ability to do was run sudo -u Sales_User anycommand (which may be sufficient)
What you've described as wanting is Biz_User ALL=(root) /usr/bin/su - Sales_User
Something totally different :-)
The clue is the "as root" part of the error; "sudo su - Sales_User" means 'run the su - Sales_User command as root'