-2

I think this may be a configuration issue, but I'm looking for confirmation/suggestions.

From terminal or script, the following:

user1$ sudo su - user2 -c "pwd"

prompts me for the original user1's password. However, the following:

user1$ sudo su - user2

user2$ pwd

user2$ /home/user2

works just fine.

sudo -l is showing correct permissions for user1 to switch to user2, and I'm a bit stumped as to why passing a command in via the -c argument fails, but performing each step individually works just fine.

Thanks in advance for suggestions.

1 Answer

-1

From man sudoers:

runaspw
If set, sudo will prompt for the password of the user defined by the runas_default option (defaults to root) instead of the password of the invoking user when running a command or editing a file. This flag is off by default.

...

targetpw
If set, sudo will prompt for the password of the user specified by the -u option (defaults to root) instead of the password of the invoking user when running a command or editing a file. Note that this flag precludes the use of a uid not listed in the passwd database as an argument to the -u option. This flag is off by default.

You need to check your /etc/sudoers file. Add to it:

Defaults targetpw

To make sudo ask for the target user's password always.

KamilCuk
  • Please re-read the question. This isn't a matter of asking for a password. The original user already has permissions to switch to the second user. – user9978939 Jun 23 '18 at 20:31
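An added example (not part of the answer above and not sudo's own tooling) for checking which of the two flags quoted from man sudoers are actually enabled, since they decide whose password sudo prompts for. It assumes only unscoped `Defaults` lines are evaluated and that a later setting overrides an earlier one; `flag_state` and `report` are hypothetical helper names and the sample file content is constructed.

```shell
#!/bin/sh
# Added example: report the state of boolean sudoers flags from global
# "Defaults" lines. Assumption: scoped entries (Defaults:user, Defaults>runas,
# Defaults@host, Defaults!cmnd) and include directives are not evaluated.

# flag_state FLAG FILE -> prints "on" or "off"
flag_state() {
    awk -v flag="$1" '
        BEGIN { state = "off" }          # man sudoers: flag is off by default
        { sub(/#.*/, "") }               # drop comments (and #include lines)
        $1 != "Defaults" { next }        # keep unscoped Defaults lines only
        {
            sub(/^[ \t]*Defaults[ \t]+/, "")
            n = split($0, items, ",")    # one line may set several options
            for (i = 1; i <= n; i++) {
                item = items[i]
                gsub(/[ \t]/, "", item)
                if (item == flag)              state = "on"
                else if (item == ("!" flag))   state = "off"
            }
        }
        END { print state }              # the last setting seen wins
    ' "$2"
}

# report FILE -> prints the state of both flags discussed in the answer
report() {
    printf 'runaspw=%s targetpw=%s\n' \
        "$(flag_state runaspw "$1")" "$(flag_state targetpw "$1")"
}

# Demo on constructed sudoers content (not taken from the page).
demo=$(mktemp)
cat > "$demo" <<'EOF'
Defaults env_reset, targetpw
Defaults:user1 runaspw          # scoped entry, skipped by this check
user1 ALL=(user2) ALL
EOF
report "$demo"
rm -f "$demo"
```

Run `report` against a copy of /etc/sudoers read with root privileges; syntax-check any edited file with `visudo -c -f FILE` before installing it.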