How a non-root user sudo to another non-root user without password?












0















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users







share|improve this question

























  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28
















0















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users







share|improve this question

























  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28














0












0








0








As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users







share|improve this question
















As root, created a new non-root user on RHEL 7.5



appuser:x:1903:1903:appuser:/home/appuser:/bin/bash


A non-root user to be able to sudo to appuser,



sudo -u appuser



without a password,



What are the changes required on RHEL 7.5?






linux rhel sudo users




linux rhel sudo users






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 29 '18 at 15:06







overexchange

















asked Oct 29 '18 at 14:58









overexchangeoverexchange

360517




360517













  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28



















  • That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

    – roaima
    Oct 29 '18 at 15:01













  • @roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

    – overexchange
    Oct 29 '18 at 15:05













  • Of course it does. That's what sudo does.

    – roaima
    Oct 29 '18 at 15:28

















That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

– roaima
Oct 29 '18 at 15:01







That sudo su - appuser is a horrendous security breach: you're giving full root access to the user who has permission to do that. Instead, just give the account permission to get to appuser, so they would sudo -su appuser (here, -su is two flags, -s -u). No need for the su command anywhere.

– roaima
Oct 29 '18 at 15:01















@roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

– overexchange
Oct 29 '18 at 15:05







@roaima Query edited. sudo -u syslog does not work. It asks for the password for current user

– overexchange
Oct 29 '18 at 15:05















Of course it does. That's what sudo does.

– roaima
Oct 29 '18 at 15:28





Of course it does. That's what sudo does.

– roaima
Oct 29 '18 at 15:28










1 Answer
1






active

oldest

votes


















3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478460%2fhow-a-non-root-user-sudo-to-another-non-root-user-without-password%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18
















3














You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer


























  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18














3












3








3







You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.






share|improve this answer















You can edit the "User privilege specification" section of /etc/sudoers, adding:



non-root-user ALL = (appuser) NOPASSWD: ALL


This will allow non-root-user to run all commands as appuser. non-root-user will not be allowed to run commands as root.



Note that errors in /etc/sudoers can make a system unusable. The file should only be edited with:



$ sudo visudo


This special editor checks the sudoers file for errors before saving and refuses to save it if errors are found.







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 3 at 20:36

























answered Oct 29 '18 at 15:27









fra-sanfra-san

1,8771620




1,8771620













  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18



















  • But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

    – overexchange
    Oct 29 '18 at 15:50













  • E45 error on modifying the file with vi editor

    – overexchange
    Oct 29 '18 at 16:30













  • It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

    – fra-san
    Oct 29 '18 at 17:18

















But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

– overexchange
Oct 29 '18 at 15:50







But -r--r----- 1 root root 1225 Jun 12 12:04 /etc/sudoers. Do you think this is customised permision?

– overexchange
Oct 29 '18 at 15:50















E45 error on modifying the file with vi editor

– overexchange
Oct 29 '18 at 16:30







E45 error on modifying the file with vi editor

– overexchange
Oct 29 '18 at 16:30















It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

– fra-san
Oct 29 '18 at 17:18





It looks like -r--r----- is the standard file mode for /etc/sudoers. Refer to my edited answer for how to edit it.

– fra-san
Oct 29 '18 at 17:18


















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f478460%2fhow-a-non-root-user-sudo-to-another-non-root-user-without-password%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How to make a Squid Proxy server?

Image
1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari
Read more

Is this a new Fibonacci Identity?

Image
6 1 $begingroup$ I have found the following Fibonacci Identity (and proved it). If $F_n$ denotes the nth Fibonacci Number, we have the following identity begin{equation} F_{n-r+h}F_{n+k+g+1} - F_{n-r+g}F_{n+k+h+1} = (-1)^{n+r+h+1} F_{g-h}F_{k+r+1} end{equation} where $F_1 = F_2 = 1$ , $r leq n$ , $h leq g$ , and $n, g, k in mathbb{N}$ . It is not too hard to show that this identity subsumes Cassini's Identity, Catalan's Identity, Vajda's Idenity, and d'Ocagne's identity to name a few. I have done a pretty thorough literature review, and I have not found anything like this, but I am still wondering if anyone has seen this identity before? I found this by accident after noticing some patterns in some analysis work I was doing, so if this is already known I would be curious to see w
Read more

Touch on Surface Book

Image
0 How can I make touch work on my Surface Book? About my Surface Book: Model: Intel Core i7-6600 U @ 2.60 GHz with 8 GB Ram and Nvidia GPU OS: Ubuntu 17.04 Latest, kernel 4.10.0-13-generic System outputs on Ubuntu: ~$ xinput list ⎡ Virtual core pointer id=2 [master pointer (3)] ⎜ ↳ Virtual core XTEST pointer id=4 [slave pointer (2)] ⎜ ↳ USB OPTICAL MOUSE id=8 [slave pointer (2)] ⎜ ↳ Microsoft Surface Keyboard Consumer Control id=10 [slave pointer (2)] ⎜ ↳ Microsoft Surface Keyboard Touchpad id=11 [slave pointer (2)] ⎣ Virtual core keyboard id=3 [master keyboard (2)] ↳ Virtual core XTEST keyboard id=5 [slave keyboard (3)]
Read more