0

How can I do su from one user to another in same server without any password prompt for example su - xyz while in ABC user profile. Note:- I can't do sudo only su is required.

Nitesh Prakash
  • 1

1 Answers1

1

AFAIK, it's not possible for compelling security reasons (unless you have sudo privileges that allow it, which is a risk in and of itself).

  1. If someone gains access to one account, that account's data is compromised. If that account has sudo permissions, every account is compromised. If the account has sudo permissions, your desired situation becomes possible. Let's say account a has been compromised (it's password was somehow magically hacked through a live disk for example). a has sudo privileges. If a runs sudo su b and enters the password correctly, they have access to account b without any password but their own. This is obviously undesirable, and is an argument for ensuring sudo is configured safely.

  2. Here's a new scenario: user x doesn't have sudo permissions, but can run su y without y's password. y has sudo permissions, and thinking "no one will ever guess this," set his password to 1234. x runs su y and then runs sudo su and enters 1234. x would gain root privileges, despite the admin deliberately (maybe the admin knows x would trust Internet comments that are a threat to security - though such an admin would be smart enough to make sure passwords weren't 1234, this is a hypothetical situation) not giving them to x. Hi security breach, my name is gurk! (That's the sound I imagine an [incapable of existing] sentient AI would make upon being attacked by a [also incapable of existing] sentient virus).

My answer can be summarized as:

No, it's impossible (on a well-setup computer. Someone who doesn't know what they're doing might set it up so you could, but that's Bad with a capital B). If you could do it, so could anyone else, and that's a huge security threat.

I apologize if this isn't what you were hoping for.

pixelherodev
  • 35