Mdthbs

What was the first LISP compiler?

Can a level 1 Fiend Pact warlock cast a scroll of fireball?

Random point on a sphere

Procedure for traffic not in sight

How to progress with CPLEX/Gurobi

Is English tonal for some words, like "permit"?

How can a resurrection system prevent the cheapening of death?

What is going on: C++ std::move on std::shared_ptr increases use_count?

A medieval fantasy adventurer lights a torch in a 100% pure oxygen room. What happens?

Matrices upper triangular alignment

Do Milankovitch Cycles fully explain climate change?

Do any aircraft carry boats?

How would a village use its river that it shares with another village downstream?

Job offer without any details but asking me to withdraw other applications - is it normal?

How flexible are number-of-pages submission guidelines for conferences?

I changed a word from a source, how do I cite it correctly?

Is there a sentence that begins with “them”?

Is the space of Radon measures a Polish space or at least separable?

Why should I always enable compiler warnings?

Might have gotten a coworker sick, should I address this?

Does the wording of the Wrathful Smite spell imply that there are other living beings that aren't considered "creatures"?

Determining if file in projected or geographic coordinates using ArcGIS Desktop?

Sol Ⅲ = Earth: What is the origin of this planetary naming scheme?

I see your BIDMAS and raise you a BADMIS

enable a user to sudo su to other accounts, but not root

using sudo on GUI applicationsUbuntu 11.10 Server: create user, home directory, sudo privileges: command line onlyRun local scripts on multiple servers using sudo user through a scriptUsing sudo in openSUSE without actually changing to root user (i.e., like in Ubuntu)How can I mimic `sudo su - user` in a script?Parallels on Mac - can no longer sudo within UbuntuAdd user with root/administrative privilegesFedora 25 - Fix broken sudoWhich user's password does `sudo` asks for?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

0

I have been asked to implement sudo rules such that a non privileges user should be able to switch to other users but not root. i tried couple of things as below but with no avail.

Cmnd_Alias SU = /bin/su - root

%XXXX_GROUP     ALL=(!root) NOPASSWD: ALL, !SU, !ADMIN, !SHELLS

===============================================================

Cmnd_Alias SU = /bin/su - !root

%XXXX_GROUP     ALL=(ALL) NOPASSWD: ALL, SU, !ADMIN, !SHELLS

================================================================

I have searched a lot but could not find any solution or similar questions. Can you please help me in this regard?

Thanks in advance

linux rhel sudo

share|improve this question

edited 1 hour ago

Ulrich Schwarz

10.9k11 gold badge3333 silver badges5151 bronze badges

asked 1 hour ago

LostJediLostJedi

111 bronze badge

New contributor

LostJedi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  You don't need (and shouldn't use) sudo su. In effect it says, "Hello sudo, please can I have root? Ah, thank you. Now then. Hello su, although I'm already root please can I have root? Thank you." You can use sudo -s -u {user} without needing to use su anywhere, which may make your rules easier too.
  
  – roaima
  1 hour ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @muru I think the point is that they want to disallow "root" to be the target user of the sudo command, i.e. they want to be able switch between several non-privileged user accounts and disallow switching to root.
  
  – Kusalananda♦
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Kusalananda ah, I misread.
  
  – muru
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @roaima, thank you, I suggested this usage "sudo -s -u <<user>>. Let me see how it fits their use case.
  
  – LostJedi
  58 mins ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Depending on the configuration of sudo, the sudo -s -u <user> may result in an environment that has the $HOME of the original user but the identity of the target user. For some situations, that might be useful; in others, it might be undesirable. If your version of sudo is not out of date for more than about 15 years, you'll have sudo -i -u <user> which will be an exact equivalent of sudo su - <user>. It will always switch the home directory, and will cause the login scripts of the target user to be executed to re-initialize the environment.
  
  – telcoM
  43 mins ago
  

  
  
  
  

add a comment | 

0

I have been asked to implement sudo rules such that a non privileges user should be able to switch to other users but not root. i tried couple of things as below but with no avail.

Cmnd_Alias SU = /bin/su - root

%XXXX_GROUP     ALL=(!root) NOPASSWD: ALL, !SU, !ADMIN, !SHELLS

===============================================================

Cmnd_Alias SU = /bin/su - !root

%XXXX_GROUP     ALL=(ALL) NOPASSWD: ALL, SU, !ADMIN, !SHELLS

================================================================

I have searched a lot but could not find any solution or similar questions. Can you please help me in this regard?

Thanks in advance

linux rhel sudo

share|improve this question

edited 1 hour ago

Ulrich Schwarz

10.9k11 gold badge3333 silver badges5151 bronze badges

asked 1 hour ago

LostJediLostJedi

111 bronze badge

New contributor

LostJedi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  You don't need (and shouldn't use) sudo su. In effect it says, "Hello sudo, please can I have root? Ah, thank you. Now then. Hello su, although I'm already root please can I have root? Thank you." You can use sudo -s -u {user} without needing to use su anywhere, which may make your rules easier too.
  
  – roaima
  1 hour ago
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @muru I think the point is that they want to disallow "root" to be the target user of the sudo command, i.e. they want to be able switch between several non-privileged user accounts and disallow switching to root.
  
  – Kusalananda♦
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Kusalananda ah, I misread.
  
  – muru
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @roaima, thank you, I suggested this usage "sudo -s -u <<user>>. Let me see how it fits their use case.
  
  – LostJedi
  58 mins ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Depending on the configuration of sudo, the sudo -s -u <user> may result in an environment that has the $HOME of the original user but the identity of the target user. For some situations, that might be useful; in others, it might be undesirable. If your version of sudo is not out of date for more than about 15 years, you'll have sudo -i -u <user> which will be an exact equivalent of sudo su - <user>. It will always switch the home directory, and will cause the login scripts of the target user to be executed to re-initialize the environment.
  
  – telcoM
  43 mins ago
  

  
  
  
  

add a comment | 

I have been asked to implement sudo rules such that a non privileges user should be able to switch to other users but not root. i tried couple of things as below but with no avail.

Cmnd_Alias SU = /bin/su - root

%XXXX_GROUP     ALL=(!root) NOPASSWD: ALL, !SU, !ADMIN, !SHELLS

===============================================================

Cmnd_Alias SU = /bin/su - !root

%XXXX_GROUP     ALL=(ALL) NOPASSWD: ALL, SU, !ADMIN, !SHELLS

================================================================

I have searched a lot but could not find any solution or similar questions. Can you please help me in this regard?

Thanks in advance

linux rhel sudo

share|improve this question

edited 1 hour ago

Ulrich Schwarz

10.9k11 gold badge3333 silver badges5151 bronze badges

asked 1 hour ago

LostJediLostJedi

111 bronze badge

New contributor

LostJedi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Cmnd_Alias SU = /bin/su - root

%XXXX_GROUP     ALL=(!root) NOPASSWD: ALL, !SU, !ADMIN, !SHELLS

===============================================================

Cmnd_Alias SU = /bin/su - !root

%XXXX_GROUP     ALL=(ALL) NOPASSWD: ALL, SU, !ADMIN, !SHELLS

================================================================

share|improve this question

edited 1 hour ago

Ulrich Schwarz

10.9k11 gold badge3333 silver badges5151 bronze badges

asked 1 hour ago

LostJediLostJedi

111 bronze badge

New contributor

LostJedi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

edited 1 hour ago

Ulrich Schwarz

10.9k11 gold badge3333 silver badges5151 bronze badges

asked 1 hour ago

LostJediLostJedi

111 bronze badge

New contributor

LostJedi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

edited 1 hour ago

Ulrich Schwarz

10.9k11 gold badge3333 silver badges5151 bronze badges

edited 1 hour ago

Ulrich Schwarz

10.9k11 gold badge3333 silver badges5151 bronze badges

asked 1 hour ago

LostJediLostJedi

111 bronze badge

New contributor

LostJedi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 1 hour ago

LostJediLostJedi

111 bronze badge