Wednesday, 30 November 2016

Run a command via sudo but as a different user


This sounds simple, & it is, as long as you are doing it on the command line & not inside a script.
Let's talk about the scenario first. Suppose I'm a user & my user name is sahil. I have sudo privileges to work as the user testuser:

[sahil@centops ~]$ sudo -l
Matching Defaults entries for sahil on this host:
    !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR
    USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
    LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User sahil may run the following commands on this host:
    (root) NOPASSWD: /usr/bin/sudo su - testuser


I need to run a script containing a command that has to be executed as testuser. Sounds simple enough. Here's a mundane example:

[sahil@centops ~]$ cat test.sh
#!/bin/bash

echo "Script to test sudo privileges"

/usr/bin/sudo su - testuser
cp /home/testuser/file1 /home/testuser/file2

if [ $? -eq 0 ]
then
        echo "command was successful"
else
        echo "There seems to be a problem"
fi


So, that's a simple script to switch to testuser, copy a file & then confirm whether the file was copied successfully. But when I run it, it doesn't work as I intend it to. Here's the output of running the script in debug mode with the -x option:

[sahil@centops ~]$ bash -x test.sh
+ echo 'Script to test sudo privileges'
Script to test sudo privileges
+ /usr/bin/sudo su - testuser
[testuser@centops ~]$ exit
logout
+ cp /home/testuser/file1 /home/testuser/file2
cp: accessing `/home/testuser/file2': Permission denied
+ '[' 1 -eq 0 ']'
+ echo 'There seems to be a problem'
There seems to be a problem

What happened is that when the sudo command ran, I switched from the user sahil to testuser & got a new interactive shell. The remaining commands in the script are executed only after I exit that shell. By then I'm back to user sahil, who does not have the required privileges on /home/testuser, so the copy fails, & the $? check merely reports the failure of a cp that ran as the wrong user. So now that we've understood the problem, let's apply the fix.

To start things off, we need to edit the sudoers entry for the user sahil. It should look like this:

sahil ALL=(testuser:testuser)  ALL

What the above line says is that we'd like to allow the user sahil to run any command with testuser user & testuser group privileges, on all hosts. Unlike the earlier entry, which ran "sudo su -" as root, this grants sahil nothing beyond what testuser itself can do.

After this change, the sudo -l output looks like this:

[sahil@centops ~]$ sudo -l
Matching Defaults entries for sahil on this host:
    !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR
    USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME
    LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User sahil may run the following commands on this host:
    (testuser : testuser) ALL
[sahil@centops ~]$


I've modified our script as follows:

[sahil@centops ~]$ cat test.sh
#!/bin/bash

echo "Script to test sudo privileges"

sudo -u testuser cp /home/testuser/file1 /home/testuser/file2

if [ $? -eq 0 ]
then
        echo "command was successful"
else
        echo "There seems to be a problem"
fi
[sahil@centops ~]$


Now let's execute it.

[sahil@centops ~]$ ./test.sh
Script to test sudo privileges
command was successful
[sahil@centops ~]$
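The same fix written as reusable shell functions, as an added example that is not the post's own script. It assumes the post's sudoers rule (sahil ALL=(testuser:testuser) ALL); the function names run_as and copy_as and the RUN_EXAMPLE variable are my own. It adds two things an unattended script wants: sudo's -n option, so the script fails immediately instead of hanging on a password prompt, & "--" to stop an argument beginning with "-" from being read as a sudo option. The exit status is captured right after the command, which is what the post's first script got wrong.

```shell
#!/bin/bash
# Added example, not the post's own script. Assumes the post's sudoers rule
#   sahil ALL=(testuser:testuser) ALL
# Add NOPASSWD: in front of the last ALL if the script must run unattended;
# with -n below, sudo then refuses instead of hanging on a password prompt.

# run_as USER CMD [ARGS...]
#   -n  never prompt for a password; fail at once if one would be required
#   --  end of sudo's own options, so a CMD argument that starts with "-"
#       reaches CMD instead of being parsed as a sudo option
# The exit status is that of CMD, or sudo's own status if sudo refuses.
run_as() {
    local user="$1"
    shift
    sudo -n -u "$user" -- "$@"
}

# copy_as USER SRC DST
# The post's cp step. The status is captured immediately after the command,
# so the check does not depend on whatever ran in between (the post's first
# script tested $? of a cp that had run as the wrong user).
copy_as() {
    local user="$1" src="$2" dst="$3" status=0
    run_as "$user" cp -- "$src" "$dst" || status=$?
    if [ "$status" -eq 0 ]; then
        echo "command was successful"
    else
        echo "There seems to be a problem (exit status $status)" >&2
    fi
    return "$status"
}

# Run the post's scenario only when asked to (RUN_EXAMPLE=1), so the file
# can also be sourced by another script for its two functions.
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
    echo "Script to test sudo privileges"
    copy_as testuser /home/testuser/file1 /home/testuser/file2
fi
```

Run the post's scenario with RUN_EXAMPLE=1 ./test.sh; without the variable, sourcing the file just defines run_as and copy_as. Because copy_as returns cp's status, a caller can use it directly in an if, which is the pattern the post's "sudo su -" version could never support.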

