sudo -iu not working as expected

I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:

theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/

The user could run with sudo -u runasuser /usr/local/bin/ and it worked as expected but if they tried sudo -iu runasuser /usr/local/bin/ they got prompted for a password as the command didn't match.

I found out that the -i option runs the command through their login shell with a -c option, so in the instance of this user, /bin/bash. So I just had to change the sudoers to this:

theiruser ALL=(runasuser) NOPASSWD:/bin/bash -c /usr/local/bin/

After that
sudo -iu runasuser /usr/local/bin/
works as expected.

Add new comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

About the Author...

Slides from LISA 2019 Linux systems troubleshooting #LISA2019 Tue Oct 29 05:59:30 +0000 2019 configuring grub2 with EFI Fri Sep 13 05:20:01 +0000 2019

I published a Thing on @thingiverse! #thingalert Tue Jul 23 19:27:57 +0000 2019

Nokogiri install on MacOSX Fri Jul 12 15:06:49 +0000 2019

HTML email with plain mailer plugin on Jenkins Thu Jul 11 21:07:25 +0000 2019