How a non-root user sudo to another non-root user without password?












0















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?










share|improve this question

























  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28
















0















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?










share|improve this question

























  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28














0












0








0








As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?










share|improve this question
















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?







linux rhel sudo users






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 29 '18 at 15:06







overexchange

















asked Oct 29 '18 at 14:58









overexchangeoverexchange

360517




360517













  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28



















  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28

















That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

– roaima
Oct 29 '18 at 15:01







That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

– roaima
Oct 29 '18 at 15:01















@roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

– overexchange
Oct 29 '18 at 15:05







@roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

– overexchange
Oct 29 '18 at 15:05















Of course it does. That's what sudo does.

– roaima
Oct 29 '18 at 15:28





Of course it does. That's what sudo does.

– roaima
Oct 29 '18 at 15:28










1 Answer
1






active

oldest

votes


















3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478460%2fhow-a-non-root-user-sudo-to-another-non-root-user-without-password%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18
















3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18














3












3








3







You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer















You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 3 at 20:36

























answered Oct 29 '18 at 15:27









fra-sanfra-san

1,8771620




1,8771620













  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18



















  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18

















But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

– overexchange
Oct 29 '18 at 15:50







But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

– overexchange
Oct 29 '18 at 15:50















E45 error on modifying the file with vi editor

– overexchange
Oct 29 '18 at 16:30







E45 error on modifying the file with vi editor

– overexchange
Oct 29 '18 at 16:30















It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

– fra-san
Oct 29 '18 at 17:18





It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

– fra-san
Oct 29 '18 at 17:18


















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478460%2fhow-a-non-root-user-sudo-to-another-non-root-user-without-password%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

How to make a Squid Proxy server?

Is this a new Fibonacci Identity?

Touch on Surface Book