mcclnx mcc wrote: > we have CENTOS 5.2 on DELL server. we need allow a user can "su" to another user without password. > > for example: > > account user1 can "su - user2" without password. (user2 is NOT root) > > I know this is big security risk but .... Anyone know how to do it? > > Thanks. > Check out the sudo command. You can alter the /etc/sudoers file to specify that the "source" user can only run a command as a specified "runas" user. The syntax would look something like: sourceuser ALL = ( runasuser ) command Let's say you wanted the user "bob" to be able to run the "grep" command as user "fred". The following line could be added to the /etc/sudoers file: bob ALL = ( fred ) /bin/grep "bob" would use the sudo command to execute the grep command: sudo -u fred /bin/grep 'stuff' logfile This is a simplistic example, check the man pages for "sudo" and "sudoers" for more information. -- Jay Leafey - jay.leafey at mindless.com Memphis, TN -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3274 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos/attachments/20100818/b7b5ca07/attachment-0005.bin>