Permit user to switch to application user in sudoers

0

As an effort to extend security on our main job server I would like to tinker around with rights and restrict all useless permissions. Especially bothers Jenkins running as jenkins ALL=(ALL) bothers me running on our server. We use him to run applications and scripts periodically as application user(s).

I would like to enable Jenkins to su only to specific users, or better, to a specific group like su -u [member of group system_users].

Is this possible with sudoers permissions? Can it be done elsewhere?

calaedo

Posted 2017-04-10T07:31:16.360

Reputation: 11

Answers

0

I added links to the man page to be helpful, please don't feel judged. The sudoers man page is seriously difficult if you don't already know what you're looking for. Hope this helps. I must recommend a book by Michael W. Lucas on Sudo Mastery. It was the primer I needed.

User aliases shown here: https://www.sudo.ws/man/1.8.15/sudoers.man.html#EXAMPLES

User_Alias THEUSERS = user1, user2, user3

Runas user definition: https://www.sudo.ws/man/1.8.15/sudoers.man.html#Runas_Spec

jenkins ALL=(THEUSERS) ALL

CoreyJJohnson

Posted 2017-04-10T07:31:16.360

Reputation: 126

Asked: 2017-04-10T07:31:16.360

Viewed: 98 times

Active: 2017-10-04T23:44:15.297