Sudo – How to Sudo Another User Without Password

sudo

Parts of the configuration in my /etc/sudousers

#includedir /etc/sudoers.d
web ALL=NOPASSWD: ALL
somebody ALL=NOPASSWD: ALL

I have two non-super users granted with sudo-without passsword. Each of them can become the root without password, but I try this:

web@web01:~$ sudo -u somebody sudo echo "success"
[sudo] password for web:

let user web to become somebody and execute another sudo command, the system ask me for password.
How do I configure sudouser to disalbe the password-asked ?

Best Answer

Append the following entry to the end of your sudoers file.

somebody ALL=(ALL) NOPASSWD:ALL

Related Solutions

Ssh-agent forwarding and sudo to another user

As you mentioned, the environment variables are removed by sudo, for security reasons.

But fortunately sudo is quite configurable: you can tell it precisely which environment variables you want to keep thanks to the env_keep configuration option in /etc/sudoers.

For agent forwarding, you need to keep the SSH_AUTH_SOCK environment variable. To do so, simply edit your /etc/sudoers configuration file (always using visudo) and set the env_keep option to the appropriate users. If you want this option to be set for all users, use the Defaults line like this:

Defaults    env_keep+=SSH_AUTH_SOCK

man sudoers for more details.

You should now be able to do something like this (provided user1's public key is present in ~/.ssh/authorized_keys in user1@serverA and user2@serverB, and serverA's /etc/sudoers file is setup as indicated above):

user1@mymachine> eval `ssh-agent`  # starts ssh-agent
user1@mymachine> ssh-add           # add user1's key to agent (requires pwd)
user1@mymachine> ssh -A serverA    # no pwd required + agent forwarding activated
user1@serverA> sudo su - user2     # sudo keeps agent forwarding active :-)
user2@serverA> ssh serverB         # goto user2@serverB w/o typing pwd again...
user2@serverB>                     # ...because forwarding still works

Sudo as different user and running screen

Try running script /dev/null as the user you su to before launching screen - its a ghetto little hack, but it should make screen happy.

Best Answer

Related Solutions

Ssh-agent forwarding and sudo to another user

Sudo as different user and running screen

Related Topic