How can I allow one user to su to another without allowing root access?

Solution 1:

Yes, this is possible.

In /etc/sudoers, the item immediately following the equals sign is the user that the command will be allowed to execute as.

tom  ALL=(oracle) /bin/chown tom *

The user (tom) can type sudo -u oracle /bin/chown tom /home/oracle/oraclefile

Solution 2:

Add to your /etc/sudoers something like

tom ALL=(oracle) ALL

Then user tom should be able to use sudo to run things as user oracle with the -u option, without letting tom

I.e. getting a shell as user oracle (well, given that your sudo is new enough to have the -i option).

sudo -u oracle -i

Solution 3:

To ONLY provide the capabilities in the question, add the following to /etc/sudoers:

tom            ALL=(oracle)    /bin/bash

Then tom can:

sudo -u oracle bash -i
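
The following is an added example, not part of any of the answers above: a small Python audit that reads simple sudoers user specifications, such as the three rules quoted in the solutions, and reports which target users each rule permits, whether root is among them, and whether the rule hands out a shell. The function name audit, the shell path list, and the last two sample rules are assumptions constructed for illustration; aliases, tags, and line continuations are not handled.

```python
import re

# One simple user spec: user host=(runas) commands. Aliases, tags such as
# NOPASSWD:, and line continuations are deliberately not handled.
SPEC = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$"
)
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/bin/ksh"}  # assumed paths

# The three rules from the answers, plus two constructed contrast cases.
SAMPLE_RULES = [
    "tom  ALL=(oracle) /bin/chown tom *",
    "tom ALL=(oracle) ALL",
    "tom            ALL=(oracle)    /bin/bash",
    "tom ALL=(ALL) ALL",   # constructed: any target user, root included
    "tom ALL=/bin/bash",   # constructed: no runas list, so root
]


def audit(line):
    """Return who a sudoers user spec lets the user become, and how."""
    m = SPEC.match(line.strip())
    if m is None:
        raise ValueError(f"not a simple user spec: {line!r}")
    runas = m.group("runas")
    if runas is None:
        # With no Runas_Spec, sudoers runs the command as root.
        targets = ["root"]
    else:
        # Text before ':' is the user list; text after it is the group list.
        users = runas.split(":", 1)[0]
        targets = [u.strip() for u in users.split(",") if u.strip()]
        # A group-only spec such as (:dba) keeps the invoking user.
        targets = targets or [m.group("user")]
    binaries = {c.split()[0] for c in m.group("cmds").split(",") if c.strip()}
    return {
        "user": m.group("user"),
        "targets": targets,
        # Conservative: a list like (ALL, !root) is still flagged.
        "root_allowed": any(t in ("root", "ALL", "#0") for t in targets),
        "shell_allowed": "ALL" in binaries or bool(binaries & SHELLS),
    }


if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, "->", audit(rule))
```

Run it over rules copied out of /etc/sudoers or a drop-in under /etc/sudoers.d before deploying them; any rule reported with root_allowed set does not meet the requirement in the question.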