[sudo-users] allowing command with or without parameter
Holger.vanKoll at swisscom.com
Fri Nov 9 10:31:31 EST 2012
Hello,
I want to allow users of the (unix-)group "dba" to be able to su to (unix-)user db2tip.
They shall be able to do
sudo su - db2tip
but also
sudo su - db2tip -c /any/command.
Currently I use this in sudoers
%dba ALL=(ALL) NOPASSWD: /usr/bin/su - db2tip, /usr/bin/su - db2tip *
and it works; however, can this be combined into one statement?
I thought the sudoers-entry
/usr/bin/su - db2tip *
alone would allow a
sudo su - db2tip
as the asterisk "Means that the preceding symbol (or group of symbols) may appear zero or more times.", but it doesn't.
It allows
sudo su - db2tip ""
and
sudo su - db2tip /some/command
but not a simple
sudo su - db2tip
I know about the presence of the -u flag; however, I would like to not force the users to use it.
Regs, Holger
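
Added example, not part of the original post: a simplified Python model of sudoers argument matching, in which the pattern is a shell-style glob compared against the user's arguments joined into one space-separated string. It reproduces the three results reported above. The `db2tip2` account name and the one-entry `- db2tip*` variant are constructed for illustration, and Python's `fnmatch` stands in for sudo's own matcher.

```python
import fnmatch


def args_match(pattern, argv):
    """Simplified model: sudoers treats its argument pattern as a shell-style
    glob and compares it with the arguments joined by single spaces."""
    return fnmatch.fnmatchcase(" ".join(argv), pattern)


def rule_allows(patterns, argv):
    """A command list allows the call when any one of its entries matches."""
    return any(args_match(p, argv) for p in patterns)


# Argument parts of the sudoers entries from the post (text after /usr/bin/su).
BARE = "- db2tip"
WITH_ARGS = "- db2tip *"
# Hypothetical one-entry variant, listed only to make its extra reach visible.
PREFIX = "- db2tip*"

# Constructed invocations: the arguments that follow "sudo su".
CALLS = {
    "bare": ["-", "db2tip"],
    "empty": ["-", "db2tip", ""],
    "command": ["-", "db2tip", "-c", "/any/command"],
    "other_user": ["-", "db2tip2"],  # constructed account name
}


def report(patterns):
    """Return {invocation name: allowed?} for a list of argument patterns."""
    return {name: rule_allows(patterns, argv) for name, argv in CALLS.items()}


if __name__ == "__main__":
    for label, patterns in [
        ("'- db2tip *' alone", [WITH_ARGS]),
        ("both entries from the post", [BARE, WITH_ARGS]),
        ("'- db2tip*' (hypothetical)", [PREFIX]),
    ]:
        print(label, report(patterns))
```

In this model the literal space before `*` has to be present in the joined string, which is why the bare call fails while an empty `""` argument passes. Dropping that space admits the bare call but also any account name that merely starts with `db2tip`, so the two-entry form is the tighter rule.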