5.3.1 ProblemYou want one user to run commands as another, without sharing passwords. 5.3.2 SolutionSuppose you want user smith to be able to run a given command as user jones. /etc/sudoers: smith ALL = (jones) /usr/local/bin/mycommand User smith runs: smith$ sudo -u jones /usr/local/bin/mycommand smith$ sudo -u jones mycommand If /usr/local/bin is in $PATH User smith will be prompted for his own password, not jones's. The ALL keyword, which matches anything, in this case specifies that the line is valid on any host. 5.3.3 Discussionsudo exists for this very reason! To authorize root privileges for smith, replace "jones" with "root" in the above example. 5.3.4 See Alsosudo(8), sudoers(5). |