- I have user temp1 belonging to techx group
$ id
uid=1006(temp1) gid=1002(techx) groups=1002(techx)
- We have user tomcat belonging to webadm group
$ id
uid=1017(tomcat) gid=1001(webadm) groups=1001(webadm)
- We have user root belonging to root group.
$ id
uid=0(root) gid=0(root) groups=0(root)
My requirement is temp1 user should be able to sudo to any user belonging to webadm group and then from webadm group to sudo to root i.e temp1 -> tomcat -> root
I made the below changes in bold to the sudoers file using visudo to fulfill the above requirement.
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
%techx ALL=(ALL:webadm) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
%webadm ALL=(ALL:root) NOPASSWD: ALL
But for some strange reason temp1 is able to directly sudo to root bypassing webadm group's user as u can see below.
[temp1@development_techx ~]$ sudo -u root -s -H
[sudo] password for temp1:
[root@development_techx temp1]# id
uid=0(root) gid=0(root) groups=0(root)
Can you please point out what is incorrect with my sudoers file above becoz of which it cant enforce users to techx to sudo to users of webadm and then eventually to root group ?