[sudo-users] "su" to any user BUT root + run any command without being prompted for password

Vitezslav Cizek vcizek at suse.cz
Mon May 7 04:50:23 EDT 2012

* V Pátek  4. květen 2012, 20:22:30 [CEST] Gonzalez, Aliep napsal:
> Hello All,
> Environment: RHEL6, native version of the sudo binary
> (sudo-1.7.2p2-9.el6.x86_64).
> I am trying to allow a certain group of users to be able to "su" to any
> user on the system but to root. I also want those users to be able to
> run any command on the system without being prompted for password.

Your requirements go against each other.
When the users can run arbitrary commands without a password,
they have plenty of ways to gain root privileges. (sudo /bin/sh, etc.)

Vita Cizek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/sudo-users/attachments/20120507/f4c337a2/attachment.bin>

More information about the sudo-users mailing list