Let one user become another user?

einpoklum asked:

On (most) Linux systems, we can let a specific user su into anyone they want by placing him in the wheel group and making some settings in /etc/pam.d/su.

I want to do something more limited: I want to let a certain user user1 be able to "become" (as in su) another specific user user2 – but only this pair. I.e., user1 should not be able to become anybody they want, nor should other users be allowed to become user2.

Can this be done, and if so – what is the least-ugly way to do so?

Note: Assume I have root. If this can somehow be done by user2 and user1 without root privileges, that would be great, but I doubt it.

My answer:


sudo can already do this. A trivial example lets user1 sudo to user2 and run any command:

user1 ALL=(user2) ALL

Examples:

Run a command as user2:

sudo -u user2 ls

Get an interactive shell:

sudo -i -u user2

View the full question and any other answers on Server Fault.
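
A check for the "only this pair" requirement from the question, added here as an example and not part of the original answer: it scans sudoers-style rules and reports any rule that lets user1 run as someone other than user2, or lets anyone else run as user2. The function name `audit_pair`, the finding labels and the sample policy are constructed for illustration; the parser assumes one simple rule per line and does not resolve aliases, includes or group membership.

```shell
#!/bin/sh
# Added example: audit simple sudoers rules for the "only this pair" property.
# Assumption: one rule per line, "who host=(runas) cmds"; aliases, includes,
# continuation lines and group membership are NOT resolved here.
audit_pair() {  # usage: audit_pair FILE FROM TO
    awk -v from="$2" -v to="$3" '
    BEGIN { bad = 0 }
    /^[ \t]*(#|@|$)/ { next }                                   # comments, includes, blanks
    /^[ \t]*(Defaults|(User|Runas|Host|Cmnd)_Alias)/ { next }   # not user rules
    {
        who = $1
        runas = "root"                       # sudoers default when no (...) is given
        if (match($0, /\([^)]*\)/)) {
            runas = substr($0, RSTART + 1, RLENGTH - 2)
            sub(/:.*/, "", runas)            # drop the optional :group part
        }
        n = split(runas, targets, /,/)
        for (i = 1; i <= n; i++) {
            t = targets[i]; gsub(/[ \t]/, "", t)
            if (who == from && t != to) {
                print "SOURCE_TOO_BROAD " who " -> " t; bad = 1
            } else if (who != from && who != "root" && (t == to || t == "ALL")) {
                print "OTHER_CAN_BECOME_TARGET " who " -> " t; bad = 1
            }
        }
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample policy (not from the original page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root   ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
user1  ALL=(user2) ALL
user3  ALL=(user2, user4) NOPASSWD: ALL
EOF
audit_pair "$sample" user1 user2 || echo "policy is broader than user1 -> user2 only"
rm -f "$sample"
```

For the effective policy on a real host, `sudo -l -U user1` run as root shows what sudo itself resolves for that user, including aliases and group rules this sketch ignores.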

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.