Tran Nghi's Site  - Make notes and share experience

Sudoers – Give a user permission to login as another user

This post is also available in: English

Sudo (su “do”) allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. For more information, see the introduction to Sudo. Sudo is free software, distributed under an ISC-style license.

Interesting topics:

  1. How to grant permission to user for a specific task?
  2. How to let a non-sudo user to login as another user?
    For example: I want user ubuntu login as jenkins to execute a bash script.
  3.  Default of /etc/sudoers
  4. What different by adding a user to sudo group instead of define a privilege specification in /etc/sudoers?
  5. What different between su and sudo?

1. How to grant permission to user for a specific task?

2. How to let a non-sudo user to login as another user?

3. Default of /etc/sudoers

It does not always the same for any unix/linux server.
In my case, I already have these “User Privilege Specification” as default:

# User privilege specification
root ALL=(ALL:ALL) ALL
ubuntu ALL=(ALL) NOPASSWD:ALL

It means:

  • root can execute anything, by login as another user.
    For example: I can login as jenkins user from root by command su jenkins, then perform a specific task a jenkin user.
  • ubuntu can execute anything, by login as another users (even root user)
    For example:

    • you can restart a service: eg. sudo service apache2 restart
    • or you can login as root: eg. sudo -i (equal to sudo -i -u root)
Message