centos at unixplanet.biz wrote:
> Hi
>
> Biz_User needs to switch to Sales_User, and I tried following in
> sudoers:
> Biz_User ALL=(Sales_User) ALL
>
> but I get following error when I run sudo su - Sales_User
>
> "Sorry, user Biz_User is not allowed to execute '/usr/bin/su -
> Sales_User'
> as root on Server_Name"

$ man sudo
...
When - is used, it must be specified as the last su option. The other forms (-l and --login) do not have this restriction.

> I know that if I add root in allowed users list, I can switch
> to other user , but in that way user can switch to root as well.
>
> %Biz_Users ALL=(Sales_User,root) ALL
>
> any better idea ?
On Fri, Oct 10, 2008 at 12:49:49PM -0400, centos at unixplanet.biz wrote:
> Hi
>
> Biz_User needs to switch to Sales_User, and I tried following in sudoers:
> Biz_User ALL=(Sales_User) ALL
>
> but I get following error when I run sudo su - Sales_User
>
> "Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User'
> as root on Server_Name"

What you gave him the ability to do was run
    sudo -u Sales_User anycommand
(which may be sufficient)

What you've described as wanting is
    Biz_User ALL=(root) /usr/bin/su - Sales_User

Something totally different :-)

The clue is the "as root" part of the error; "sudo su - Sales_User" means 'run the su - Sales_User command as root'

--
rgds
Stephen
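A simplified model of how sudo matches the target user and command against the three sudoers lines quoted in this thread, added here as an illustration; it is not part of any poster's message and not sudo's own parser. The helper names, the constructed requests and the `/bin/bash` login shell are assumptions.

```python
# Simplified sudoers matching for the rule shapes in this thread only:
# "<user|%group> ALL=(runas,list) <ALL | exact command line>".
import shlex

def parse_rule(line):
    who, rest = line.split(None, 1)
    _host, spec = rest.split("=", 1)
    spec = spec.strip()
    runas = ["root"]                      # sudoers default when no (runas) list
    if spec.startswith("("):
        inside, spec = spec[1:].split(")", 1)
        runas = [u.strip() for u in inside.split(",")]
    return {"who": who, "runas": runas, "cmd": shlex.split(spec)}

def allowed(rule, user, argv, target="root", groups=()):
    """target is the user picked with 'sudo -u'; plain 'sudo cmd' means root.
    argv is the command with its path already resolved."""
    names = {user} | {"%" + g for g in groups}
    if rule["who"] not in names or target not in rule["runas"]:
        return False
    # A rule that lists arguments only matches that exact command line.
    return rule["cmd"] == ["ALL"] or rule["cmd"] == argv

RULES = {  # the three sudoers lines from the thread
    "runas_only": "Biz_User ALL=(Sales_User) ALL",
    "su_as_root": "Biz_User ALL=(root) /usr/bin/su - Sales_User",
    "with_root":  "%Biz_Users ALL=(Sales_User,root) ALL",
}
REQUESTS = {  # constructed requests: (argv, target user)
    "sudo su - Sales_User":  (["/usr/bin/su", "-", "Sales_User"], "root"),
    "sudo -u Sales_User -i": (["/bin/bash"], "Sales_User"),  # assumed shell
    "sudo su -":             (["/usr/bin/su", "-"], "root"),  # root shell
}

def evaluate():
    out = {}
    for rname, line in RULES.items():
        rule = parse_rule(line)
        for req, (argv, target) in REQUESTS.items():
            out[(rname, req)] = allowed(rule, "Biz_User", argv, target,
                                        groups=("Biz_Users",))
    return out

if __name__ == "__main__":
    for (rname, req), ok in evaluate().items():
        print(f"{rname:11} {req:22} {'allowed' if ok else 'denied'}")
```

Only the `with_root` line lets the `sudo su -` request through, which is the root access the original poster wanted to avoid.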
Hi

Biz_User needs to switch to Sales_User, and I tried the following in sudoers:

Biz_User ALL=(Sales_User) ALL

but I get the following error when I run sudo su - Sales_User

"Sorry, user Biz_User is not allowed to execute '/usr/bin/su - Sales_User' as root on Server_Name"

I know that if I add root in the allowed users list, I can switch to the other user, but in that way the user can switch to root as well.

%Biz_Users ALL=(Sales_User,root) ALL

Any better idea?