Allow passwordless user to change to another passwordless user

If what you want is to allow dev to run arbitrary commands as tomcat, then don't bother with su, stick with sudo. Add the following line to the sudoers file (use the visudo command):

dev ALL = (tomcat) NOPASSWD: ALL

Run sudo -iu tomcat as the user dev to run a login shell as tomcat.


You have sudo added to your tags. In your sudoers file, you can add dev to the allowed users, restrict which commands they're allowed to run if you wish, and specify that a password isn't required. Then all they'd have to do is type "sudo su - tomcat".

Run visudo to add the following line:

dev ALL = NOPASSWD: /usr/bin/su - tomcat

There's lots more information and examples in the man file for sudoers.


This is how I ended up doing it.

I created the file /etc/sudoers.d/dev

Containing:

# allow user dev to become user tomcat
# invoked with [dev@host ~]$ sudo su - tomcat
dev ALL = (root) NOPASSWD: /bin/su - tomcat

Changed the file permissions with chmod 0440 /etc/sudoers.d/dev

Created an alias in dev's .bashrc: alias tomcat='sudo su - tomcat'

This results in the ability for the dev user to become the tomcat user, without ever having to type (or indeed having) a password, by typing tomcat at the command line.
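
An added example, not part of any answer above: one way to install the drop-in from the last answer so that a syntax error can never reach /etc/sudoers.d, using the (tomcat) rule from the first answer. The function names are hypothetical; it assumes visudo and install are on the PATH and that install_dropin is run as root.

```sh
#!/bin/sh
# Added example. "dev" and "tomcat" are the users from the page;
# valid_dropin_name, runas_rule and install_dropin are hypothetical names.

# sudo's #includedir skips files whose names contain '.' or end in '~',
# so such a drop-in would be silently ignored.
valid_dropin_name() {
    case "$1" in
        ''|*.*|*~|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the rule: user $1 may run any command as user $2 without a password.
runas_rule() {
    printf '%s ALL = (%s) NOPASSWD: ALL\n' "$1" "$2"
}

# install_dropin NAME FROM TO [DIR]
install_dropin() {
    name=$1 from=$2 to=$3 dir=${4:-/etc/sudoers.d}
    valid_dropin_name "$name" || {
        echo "bad drop-in name: $name" >&2
        return 2
    }
    tmp=$(mktemp) || return 1
    runas_rule "$from" "$to" > "$tmp"
    # Syntax-check the candidate file before sudo can ever read it.
    if ! visudo -c -f "$tmp" >/dev/null; then
        echo "syntax check failed; nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    # Copy into place with the owner and mode sudo expects (root, 0440).
    install -m 0440 -o root -g root "$tmp" "$dir/$name"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage, as root:  install_dropin dev dev tomcat
```

With this rule in place, dev gets a tomcat login shell with sudo -iu tomcat, and the rule grants nothing as root.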