0

On my Ubuntu 16.04 workstation I have a user provided by IT staff, named "john.smith". This account is in the wheel group and has a password managed by LDAP (I think... I know it changes in sync with other corporate systems).

We also have a build system (GBS for Tizen) that uses chroot, so it needs root access. For this reason we have prepared a sudoers file that covers all necessary commands. The problem is, this works for users created locally (those that I created normally with adduser), but does not work for IT-provided accounts. So when I build something, halfway through the compilation, the sudo prompt asks for a password. This is a nuisance when compiling from the console, but a total showstopper when trying to use an IDE.

Running the IDE as root is unreasonable for security/usability reasons. I also need the IT-provided account as my main account for some systems.

QUESTION: Is it possible to create user "builder" that:

  • will have wheel/sudo access
  • be possible to log in to without a password from "john.smith"
  • will not be open-access for everyone else (I don't want to introduce a security backdoor)

Then I could log in as "john.doe", run the IDE as "builder", and the IDE would then not need to prompt me for a password during compilation.

2
  • 1
    You know that sudoers files work even for LDAP accounts? Why don't you edit them?
    – Archemar
    Commented Dec 5, 2016 at 12:01
  • As far as I can tell there is nothing wrong with the sudoers file and nothing LDAP/non-LDAP specific. It is a bunch of lines like "ALL ALL=(ALL) NOPASSWD: /bin/umount -l */scratch.*"
    – MateuszL
    Commented Dec 5, 2016 at 12:48

1 Answer

0

If it were me, I would not complicate things by creating a second user "builder".

I would pick one ldap account john.doe and add a file for that user to /etc/sudoers.d/ and see if that addresses the issue. Example:

root@ubuntuHost:~# cat  /etc/sudoers.d/john.doe
john.doe ALL=(ALL) NOPASSWD: ALL
root@ubuntuHost:~# 

Replace ALL with security settings as appropriate.

This would address your request as follows:

  1. The account will have wheel/sudo access
  2. be possible to run sudo without password from "john.smith" (If you want login without password, I would look at ssh with keys).
  3. will not be open-access for everyone else
1
  • Yes, later I thought that maybe fixing John Smith will be easier. Trouble with it is that NOPASSWD from sudoers file is ignored. See this question askubuntu.com/questions/857289/…
    – MateuszL
    Commented Dec 7, 2016 at 5:08
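
One check worth running on any per-user drop-in like the one in the answer, as an added example that is not part of the original post: sudo's `#includedir` skips files whose names end in `~` or contain a `.`, so a drop-in named after a dotted account name is never parsed and its NOPASSWD rule has no effect. The file name `john_doe`, the helper names and the sample directory below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.
# sudo's "#includedir" skips file names that end in "~" or contain a ".".

# dropin_is_read NAME: succeeds if #includedir would parse a file with this name.
dropin_is_read() {
    case "$1" in
        *.*|*~) return 1 ;;
    esac
    return 0
}

# audit_dropins DIR: print "READ name" or "SKIPPED name" for each regular file.
audit_dropins() {
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        if dropin_is_read "$name"; then echo "READ $name"; else echo "SKIPPED $name"; fi
    done
}

# ignored_nopasswd DIR: print NOPASSWD rules that sit in skipped files,
# i.e. rules that look installed but never take effect.
ignored_nopasswd() {
    for path in "$1"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        dropin_is_read "$name" && continue
        grep -v '^[[:space:]]*#' "$path" | grep 'NOPASSWD:' | sed "s|^|$name: |"
    done
}

# make_sample_dir: build a constructed sudoers.d look-alike in a temp dir.
make_sample_dir() {
    d=$(mktemp -d)
    echo 'john.doe ALL=(ALL) NOPASSWD: ALL' > "$d/john.doe"         # file name from the answer
    echo 'john.doe ALL=(ALL) NOPASSWD: /bin/umount' > "$d/john_doe" # hypothetical dot-free name
    echo '# editor backup' > "$d/john_doe~"
    echo "$d"
}

sample=$(make_sample_dir)
audit_dropins "$sample"
ignored_nopasswd "$sample"
rm -rf "$sample"
```

On a real host, point `audit_dropins` at `/etc/sudoers.d`; `visudo -c` then checks the syntax of the files sudo does read.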
