On Thu, Aug 19, 2010 at 9:56 AM, mcclnx mcc <mcclnx at yahoo.com.tw> wrote: > Thank you for answer. The problem I have is "user1" need "su" privilege. > If I grant "su" privilege, it can "su" to anyone. What I want is user1 can > ONLY "su" to user2. > > my /etc/sudoers setup: > > # User privilege specification > root ALL=(ALL) ALL > user1 ALL=(root) /bin/su > > > any ideal to fix it? > > > > Use complete command like this: user1 ALL=(root) /bin/su - user2 This will limit user1 to that specific command. You can add -NOPASSWD and user1 will not have to enter their password. John -- John Kennedy -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100819/d75bc3eb/attachment-0005.html>