I have 2 users, userA and userB. userB needs to run some commands as userA. I have specified these options in /etc/sudoers as below:
userA ALL=(ALL) ALL
userB ALL=(vinoth) /sbin/fdisk
I ran this command as userB:
sudo -u userA fdisk -l
It asked for the password of userB. Once I entered the password, the command didn't give the fdisk output.
In your configuration you allowed:
userA to run any command as any useruserB to run fdisk as vinothfdisk by default requires root privileges to access the devices, you cannot run it as userA, ie. you can run, but fdisk -l will print no output, which is what you got.
Finally sudo command is not transitive. When you execute a command from userB account using sudo -u userA <command>, the <command> will be run using userA credentials and the fact that userA has settings defined in sudoers does not apply to this command.
sudo -uTo allow userB to execute command as userA you need to put the following into sudoers:
userB ALL=(userA) /usr/bin/whoami
then login to shell as userB and execute:
$ sudo -u userA whoami
userA
But userA has permissions to run whoami (which it does). It does not for fdisk.
fdisk for regular usersfdisk itself is not restricted to root account, however it requires access to disk devices (stored in /dev which are not accessible to regular users). To give user permission to run fdisk you can either:
Enable sudo for the account. Running sudo fdisk -l effectively means fdisk is run on root account.
Add the account to disk group, which will allow running fdisk -l without sudo, using account credentials.
fdisk, then your configuration in the original post would work.
– Chris
Feb 08 '16 at 11:35
userA ALL=ALL then only im trying to run the command as userA
– vinothsaran
Feb 08 '16 at 11:52
userBrunfdiskasuserA? – terdon Feb 08 '16 at 11:01