You want one user to run commands as another, without sharing passwords.
Suppose you want user smith to be able to run a given command as user jones.
/etc/sudoers: smith ALL = (jones) /usr/local/bin/mycommand
User smith runs:
smith$ sudo -u jones /usr/local/bin/mycommand smith$ sudo -u jones mycommand If /usr/local/bin is in $PATH
User smith will be prompted for his own password, not
keyword, which matches anything,
in this case specifies that the line is valid on any host.
sudo exists for this very reason!
To authorize root privileges for smith, replace “jones” with “root” in the above example.