Running ~15 servers, and the deploy user will need to get to about 6 of them. I added the deploy user and ssh keys to each box, but my main problem is the bounce box. Users will ssh to the bounce box as themselves, and what I want to happen is they sudo su - deploy, but not su.
I've adjusted sudoers to the following:

    #root all = (ALL) ALL    <---Comment this line
    %wheel ALL = (ALL) NOPASSWD: ALL    <---Uncomment this line

and adjusted /etc/pam.d/su to the following:

    #auth include common-auth    <---Comment this line
    auth required pam_wheel.so trust use_uid    <---add this line

so everyone in wheel can su - deploy without a password, but they can still su to root. Any help is appreciated. This is on sles11, btw.
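
A scoped version of the setup described in the post, as an added example that is not part of the original post: wheel is allowed to become deploy only, and the pam_wheel change is undone. It assumes no other sudoers entry grants wheel broader rights and that su is installed at /bin/su on this system.

```sudoers
# /etc/sudoers (edit with visudo)

# Weak setting from the post: wheel may run any command as any user,
# root included, without a password.
# %wheel ALL = (ALL) NOPASSWD: ALL

# Scoped setting: wheel may run commands only as the deploy user.
%wheel ALL = (deploy) NOPASSWD: ALL

# Alternative that keeps the exact "sudo su - deploy" command. sudo matches
# the arguments literally, so "sudo su -" and "sudo su - root" do not match.
# The /bin/su path is an assumption; confirm it with "which su".
# %wheel ALL = (root) NOPASSWD: /bin/su - deploy

# Usage on the bounce box with the scoped setting:
#   sudo -i -u deploy    login shell as deploy, no password
#   sudo su -            not granted by this rule (run-as user is deploy only)

# /etc/pam.d/su: restore "auth include common-auth" and drop the
# "auth required pam_wheel.so trust use_uid" line. With "trust", su skips
# authentication for wheel members whatever the target account, root included.
```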