I edited sudoers by hand; however, it should give you something to aim towards ...
[root@orable76 ~]# grep angus /etc/sudoers
angus ALL=NOPASSWD: /usr/bin/su - appuser
[root@orable76 ~]# su - angus
Last login: Fri Jan 22 17:01:30 CET 2021 on pts/0
[angus@orable76 ~]$ sudo su - appuser
Last login: Fri Jan 22 17:01:31 CET 2021 on pts/0
[appuser@orable76 ~]$
Regards
Angus
________________________________
From: Russ Long via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
Sent: 22 January 2021 16:33
To: freeipa-users(a)lists.fedorahosted.org <freeipa-users(a)lists.fedorahosted.org>
Cc: Russ Long <kd8fre(a)gmail.com>
Subject: [Freeipa-users] Allow "sudo su - USER" to only the specified user
I'm trying to come up with a Sudo rule that will allow a user to "su" to
only a single specified user. I need to give a DBA access to the oracle user account.
This serverfault article details exactly what I want to do, however this is not for
FreeIPA.
I've tried creating a sudo command that's "/usr/bin/su - USER" and other
variations to no avail.
I've also tried creating a sudo rule that allows all commands to be run as
"USER".
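
An added example (not part of either e-mail): a small Python audit of sudoers-style lines that separates an `su` entry pinned to one target user, as in the `angus` line above, from entries that leave the target open. Every sample line except the `angus` one is constructed, and the parser is a simplification that does not expand aliases or handle escaped commas.

```python
import re

# Constructed sample; only the "angus" line comes from the thread above.
SAMPLE = """\
angus ALL=NOPASSWD: /usr/bin/su - appuser
dba1 ALL=NOPASSWD: /usr/bin/su
dba2 ALL=(root) /usr/bin/su - *
dba3 ALL=NOPASSWD: /usr/bin/su - appuser, /usr/bin/su - app*
"""

SPEC = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<cmds>.+)$")
SKIP = ("#", "Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def classify(cmd):
    """Classify one sudoers command entry; None if it is not an su entry."""
    parts = cmd.split()
    if not parts or not parts[0].endswith("/su"):
        return None
    args = parts[1:]
    if not args:
        return "any-user"   # no arguments listed: sudo accepts any arguments
    if args == ['""']:
        return "root-only"  # "" means no arguments allowed, so plain su (root)
    if any(ch in arg for arg in args for ch in "*?["):
        return "wildcard"   # a glob in the arguments can match other targets
    return "pinned"         # arguments must match exactly


def audit(text):
    """Return (user, command, verdict) for every su entry found in text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        match = SPEC.match(line)
        if not line or line.startswith(SKIP) or not match:
            continue
        for cmd in match.group("cmds").split(","):
            cmd = re.sub(r"^\s*\([^)]*\)\s*", "", cmd)     # drop a Runas spec
            cmd = re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", cmd)  # drop NOPASSWD: etc.
            verdict = classify(cmd)
            if verdict:
                findings.append((match.group("who"), cmd.strip(), verdict))
    return findings


if __name__ == "__main__":
    for who, cmd, verdict in audit(SAMPLE):
        print(f"{verdict:9} {who:6} {cmd}")
```

Only the `pinned` verdict corresponds to a rule that limits the switch to the single named account.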