current community

your communities

more stack exchange communities

Stack Exchange
tour help
Take the 2-minute tour ×
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems. It's 100% free, no registration required.
up vote 1 down vote favorite

I have the following problem

When I'm trying to execute ls as user abc with the following command I get an error:

xyz@host:~/temp$ sudo -u abc ls
[sudo] password for xyz:
Sorry, user xyz is not allowed to execute '/bin/ls' as abc on host.

But if I do su abc and then execute ls I have no problem

Can anyone help?

share|improve this question

2 Answers 2

up vote 2 down vote accepted

You should configure sudo security policy to allow user xyz exec something as user abc. Read 'man sudoers' and use visudo command to configure /etc/sudoers.

For example let's allow user xyz exec /usr/bin/whoami as user abc without password. Add this string into /etc/sudoers (with visudo, don't edit /etc/sudoers directly):

xyz ALL = (abc) NOPASSWD: /usr/bin/whoami

And now test it:

xyz@host:~$ sudo -u abc /usr/bin/whoami
abc
share|improve this answer
up vote 2 down vote

This is because sudo is different from su. When you su abc, you become the user abc as far as the system is concerned. You can then do anything that abc can do.

On the other hand, sudo is used to allow other users to execute some commands by proxy. In other words, your sudo configuration allows you to do some commands on behalf of abc. If the command you're trying to execute is not one of them, you get the error you reported.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.