Problem: You want one user to run commands as another, without sharing passwords
Solution: Suppose you want user smith to be able to run a given command as user jones.
/etc/sudoers
smith ALL = (jones) /usr/local/bin/mycommand
user smith
smith$ sudo -u jones /usr/local/bin/mycommand
smith$ sudo -u jones mycommand --- if /usr/local/bin/ is in $PATH
user smith will be prompted for his own password, not jones's. The ALL keyword, which matches anything, in this case specifies that the line is valid on any host.
Solution: Suppose you want user smith to be able to run a given command as user jones.
/etc/sudoers
smith ALL = (jones) /usr/local/bin/mycommand
user smith
smith$ sudo -u jones /usr/local/bin/mycommand
smith$ sudo -u jones mycommand --- if /usr/local/bin/ is in $PATH
user smith will be prompted for his own password, not jones's. The ALL keyword, which matches anything, in this case specifies that the line is valid on any host.
No comments:
Post a Comment