[sudo-users] How userA can run userB's script

christian.peper at kpn.com christian.peper at kpn.com
Tue Apr 28 02:41:44 EDT 2009

> -----Original Message-----
> I have userA and userB on the system. There is a process 
> running with userA's ID and I would like the process to run a 
> script owned by userB with userB's password.
> What do I need to add to /etc/sudoers to do this?
> There is a setting in sudoers which lets you use the target 
> user's password, i.e.
> Defaults targetpw
> But it seems to be a default behavioral change of 'sudo' that 
> affects every users, not just userA, right?

Why does userA need to run the script with userB's passwd?
Sudo will let userA run the script owned by userB on machine B without the need for a passwd. Isn't that enough?

userA ALL=(userB) NOPASSWD: /home/userB/scripts/runthis.sh

Please note that allowing someone to run scripts this way without a passwd opens op security holes, since scripts could be edited, symbolically linked to, copied, etc.

You could also use xattrib to set more detailed file permissions than the common u,g,o+rx.


More information about the sudo-users mailing list