In Amazon linux on my ec2 server, how do I allow a group of restricted users to su to a specific user. Also I would like for them not to be prompted for password. I have a group called 'my-users' and a user called 'app-admin'. I would like for 'my-users' to be able to su into 'app-admin' and use that user to run programs. I don't want 'my-users' to have root access. Do I need to edit the sudoers file? Do I need to edit the /etc/sudoers.d/cloud-init file?
3
-
1Tell the password of app-admin to your trusted users, then they can su to that user anytime.Ipor Sircer– Ipor Sircer2018-08-15 19:15:44 +00:00Commented Aug 15, 2018 at 19:15
-
I want to users being in the 'my-users' group to be the only requirement to su into the 'app-admin' user. I want to avoid the use of passwords in this case.Cale Sweeney– Cale Sweeney2018-08-15 19:18:34 +00:00Commented Aug 15, 2018 at 19:18
-
Then create a suid binary shell file, with owner: app-admin, and group: my-users, other: 000Ipor Sircer– Ipor Sircer2018-08-15 19:21:29 +00:00Commented Aug 15, 2018 at 19:21
Add a comment
|
1 Answer
I figured out the answer. In your sudoers file, you can put the following entry:
%my-users ALL=NOPASSWD: /bin/su - app-admin
Then you can use the following to login:
sudo su - app-admin
Note: Be sure to use sudo visudo to edit anything sudo related or you could corrupt your sudo privileges.