How a non-root user sudo to another non-root user without password?












0















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?



































  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28
















linux rhel sudo users














edited Oct 29 '18 at 15:06







overexchange

















asked Oct 29 '18 at 14:58









overexchange























1 Answer


















3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.
































  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permission?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18











edited Mar 3 at 20:36

























answered Oct 29 '18 at 15:27









fra-san
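
The difference between the rule in the answer, which names `(appuser)` as the run-as user, and a rule that lets someone run `su` through sudo comes down to which identity the command executes as. The script below is an added example, not part of the original answer: it reads sudoers-style lines and reports, for each NOPASSWD rule, whether the command runs as root or is scoped to another account. It assumes one rule per line with no aliases or line continuations, and the sample users `deployer`, `opsuser` and `backup` are hypothetical.

```shell
#!/bin/sh
# Added example: classify NOPASSWD rules by the identity the command runs as.
# Simplified parser (assumption): one rule per line, no aliases, no continuations.

audit_nopasswd() {
    awk '
    /^[[:space:]]*(#|$)/ || /^[[:space:]]*Defaults/ { next }   # comments, blanks, Defaults
    /NOPASSWD:/ {
        user = $1
        spec = $0
        sub(/^[^=]*=[[:space:]]*/, "", spec)     # drop "user host ="
        runas = "root"                           # sudo runs as root when no (runas) is given
        if (match(spec, /^\([^)]*\)/)) {
            runas = substr(spec, 2, RLENGTH - 2) # text between the parentheses
            sub(/:.*/, "", runas)                # ignore an optional :group part
            gsub(/[[:space:]]/, "", runas)
            if (runas == "") runas = user        # "(:group)" keeps the invoking user
        }
        verdict = "scoped"
        n = split(runas, targets, ",")
        for (i = 1; i <= n; i++)
            if (targets[i] == "root" || targets[i] == "ALL" || targets[i] == "#0")
                verdict = "runs-as-root"
        print user, runas, verdict
    }'
}

# Constructed sample input; user names other than non-root-user and
# appuser are hypothetical.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not taken from a real host
Defaults env_reset
non-root-user ALL = (appuser) NOPASSWD: ALL
deployer ALL = NOPASSWD: /bin/su - appuser
opsuser ALL = (ALL) NOPASSWD: ALL
backup ALL = (root) /usr/bin/rsync
EOF
}

sample_sudoers | audit_nopasswd
```

On a real host, feed it the policy as root with `audit_nopasswd < /etc/sudoers`, and check syntax separately with `visudo -c`.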
