How a non-root user sudo to another non-root user without password?












0















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users







share|improve this question

























  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28
















0















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users







share|improve this question

























  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28














0












0








0








As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users







share|improve this question
















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users




linux rhel sudo users






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 29 '18 at 15:06







overexchange

















asked Oct 29 '18 at 14:58









overexchangeoverexchange

360517




360517













  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28



















  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28

















That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

– roaima
Oct 29 '18 at 15:01







That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

– roaima
Oct 29 '18 at 15:01















@roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

– overexchange
Oct 29 '18 at 15:05







@roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

– overexchange
Oct 29 '18 at 15:05















Of course it does. That's what sudo does.

– roaima
Oct 29 '18 at 15:28





Of course it does. That's what sudo does.

– roaima
Oct 29 '18 at 15:28










1 Answer
1






active

oldest

votes


















3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478460%2fhow-a-non-root-user-sudo-to-another-non-root-user-without-password%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18
















3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18














3












3








3







You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer















You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 3 at 20:36

























answered Oct 29 '18 at 15:27









fra-sanfra-san

1,8771620




1,8771620













  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18



















  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18

















But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

– overexchange
Oct 29 '18 at 15:50







But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

– overexchange
Oct 29 '18 at 15:50















E45 error on modifying the file with vi editor

– overexchange
Oct 29 '18 at 16:30







E45 error on modifying the file with vi editor

– overexchange
Oct 29 '18 at 16:30















It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

– fra-san
Oct 29 '18 at 17:18





It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

– fra-san
Oct 29 '18 at 17:18


















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478460%2fhow-a-non-root-user-sudo-to-another-non-root-user-without-password%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How to make a Squid Proxy server?

Image
1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari
Read more

Is this a new Fibonacci Identity?

Image
6 1 $begingroup$ I have found the following Fibonacci Identity (and proved it). If $F_n$ denotes the nth Fibonacci Number, we have the following identity begin{equation} F_{n-r+h}F_{n+k+g+1} - F_{n-r+g}F_{n+k+h+1} = (-1)^{n+r+h+1} F_{g-h}F_{k+r+1} end{equation} where $F_1 = F_2 = 1$ , $r leq n$ , $h leq g$ , and $n, g, k in mathbb{N}$ . It is not too hard to show that this identity subsumes Cassini's Identity, Catalan's Identity, Vajda's Idenity, and d'Ocagne's identity to name a few. I have done a pretty thorough literature review, and I have not found anything like this, but I am still wondering if anyone has seen this identity before? I found this by accident after noticing some patterns in some analysis work I was doing, so if this is already known I would be curious to see w
Read more

19世紀

Image
この記事は検証可能な参考文献や出典が全く示されていないか、不十分です。 出典を追加して記事の信頼性向上にご協力ください。 ( 2012年3月 ) 千年紀: 2千年紀 世紀: 18世紀 - 19世紀 - 20世紀 十年紀: 1800年代 1810年代 1820年代 1830年代 1840年代 1850年代 1860年代 1870年代 1880年代 1890年代 19世紀に君臨した大英帝国。 19世紀 (じゅうきゅうせいき)は、西暦1801年から西暦1900年までの100年間を指す世紀。 目次 1 19世紀の歴史 1.1 国民国家の成立 1.2 帝国主義の興隆 1.3 列強の植民地争奪戦 2 できごと 2.1 1800年代 2.2 1810年代 2.3 1820年代 2.4 1830年代 2.5 1840年代 2.6 1850年代 2.7 1860年代 2.8 1870年代 2.9 1880年代 2.10 1890年代 2.11 1900年代 3 文化 3.1 文学 3.2 音楽 3.3 思想 3.4 科学 3.5 技術 4 人物 4.1 ヨーロッパ 4.1.1 政治家・王族 4.1.1.1 フランス 4.1.1.2 オーストリア=ハンガリー 4.1.1.3 ロシア 4.1.1.4 イギリス 4.1.1.5 ドイツ(プロイセンほかドイツ領邦を含む) 4.1.1.6 北欧 4.1.1.7 イタリア 4.1.1.8 スペイン 4.1.1.9 ベルギー 4.1.1.10 ギリシア 4.1.2 軍人 4.1.3 実業家 4.1.4 科学と技術 4.1.5 思想と哲学・人文諸学 4.1.6 宗教 4.1.7 文学 4.1.8 美術 4.1.9 音楽 4.1.10 社会事業家 4.1.11 探検家・旅行家 4.1.12 料
Read more