[Freeipa-users] Re: Allow "sudo su - USER" to only the specified user

Larkin, Patrick via FreeIPA-users Fri, 22 Jan 2021 08:52:06 -0800


On 1/22/2021 10:16 AM, Dominik Vogt via FreeIPA-users wrote:

______________________________________________________________________
On Fri, Jan 22, 2021 at 03:33:50PM -0000, Russ Long via FreeIPA-users wrote:

I'm trying to come up with a Sudo rule that will allow a user to
"su" to only a single specified user. I need to give a DBA access
to the oracle user account.

...

Is there a specific reason why you need "sudo su" instead of using
just sudo?

I agree with Dominik: "sudo su" is a pet peeve of mine. It isunnecessary and actually less secure. Use "sudu -u youruser" instead.

setup like this:

 ipa sudorule-add-runasuser --users=jsmith readfiles


https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/defining-sudorules.html#ex.sudo-runas


--
Pat Larkin <patrick.lar...@sabre.com> | TEO | Texas USA  |
Principal | Linux Infrastrucuture Managment & Operations |
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: Allow "sudo su - USER" to only the specified user

Reply via email to