When I do sudo su - john I become user john without asking for a password.
But when I do: sudo su - john /usr/share/script_to_run.pl I am asked for a password.
Same also for sudo -u john /usr/share/script_to_run.pl
Why? What am I doing wrong here?
Now, first of all, the - means that you want a login shell. The first statement means that you want to, as root (hence the sudo), want to make it appear as you logged in as john. Somewhere it is configured that the user you are currently logged in as has the rights to do sudo without using a password.
What happens in the first instance is that you execute one command su - john (meaning "log me in as john), and you do that as root (since you put sudo first). Your current user has sudo-without-password-rights, and root has the right to become any user.
The second try is wrong. You can't use su to execute a command in that way, and when you want su to execute a single command, I see no reason to make it a login shell.
In the third option, you (as the currently logged in user) want to "become" john for one command. For that, you will need johns password. (When you do this as root, however, you don't need the password.)
To make it work you could probably try
sudo su --command="/usr/share/script_to_run.pl" john
or maybe even the more exotic looking
sudo sudo -u john /usr/share/script_to_run.pl
"sudo" was designed to give all the functionality of "su", but not require them to use the other user's password. The answers you need are within the /etc/sudoers file, editable with the "sudo visudo" command. here you will find that you can make your user not require a password:
cratylus ALL=(ALL) NOPASSWD: ALL
thence submit queries with
sudo -u cratylus the statement
note: don't quote the statement - you only do this for the "su -c" command.
