[sudo-users] How userA can run userB's script
christian.peper at kpn.com
Tue Apr 28 02:41:44 EDT 2009
> -----Original Message-----
> I have userA and userB on the system. There is a process
> running with userA's ID and I would like the process to run a
> script owned by userB with userB's password.
> What do I need to add to /etc/sudoers to do this?
>
> There is a setting in sudoers which lets you use the target
> user's password, i.e.
>
> Defaults targetpw
>
> But it seems to be a default behavioral change of 'sudo' that
> affects every user, not just userA, right?
Why does userA need to run the script with userB's passwd?
Sudo will let userA run the script owned by userB on machine B without the need for a passwd. Isn't that enough?
userA ALL=(userB) NOPASSWD: /home/userB/scripts/runthis.sh
Please note that allowing someone to run scripts this way without a passwd opens up security holes, since scripts could be edited, symbolically linked to, copied, etc.
You could also use xattrib to set more detailed file permissions than the common u,g,o+rx.
Chris.
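
Added example, not part of the original message: a check an administrator could run on the script path named in a NOPASSWD rule such as the one above, reporting any path component that someone other than the target user or root could edit or replace, and any symlink. The function name and arguments are hypothetical, and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit a script path named in a NOPASSWD sudoers rule.
# Assumes GNU coreutils `stat -c`; function name and arguments are hypothetical.

# audit_sudo_script PATH OWNER [TOP]
# Walks from PATH up to TOP (default /) and reports every component that
# is a symlink, is owned by someone other than OWNER or root, or is
# writable by group or other. Returns 0 when nothing is reported, else 1.
audit_sudo_script() {
    p=$1 owner=$2 top=${3:-/} bad=0
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p"; return 1 ;;
    esac
    [ -e "$p" ] || { echo "missing: $p"; return 1; }
    while :; do
        if [ -L "$p" ]; then
            # Whoever controls the link can repoint it at another file.
            echo "symlink: $p"; bad=1
        else
            set -- $(stat -c '%U %A' "$p")   # e.g. "userB -rwxr-xr-x"
            u=$1 mode=$2
            [ "$u" = "$owner" ] || [ "$u" = root ] || { echo "owned by $u: $p"; bad=1; }
            # Characters 6 and 9 of the mode string are group and other write.
            case $mode in
                ?????w*) echo "group-writable: $p"; bad=1 ;;
            esac
            case $mode in
                ????????w*) echo "world-writable: $p"; bad=1 ;;
            esac
        fi
        [ "$p" = "$top" ] || [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $bad
}

# Example: sh audit.sh /home/userB/scripts/runthis.sh userB
if [ $# -ge 2 ]; then
    audit_sudo_script "$@"
fi
```

A write bit on a parent directory matters as much as one on the script itself, since anyone who can write to the directory can rename the script and put another file at the same path.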