Two users (admin + non-admin) what is the right usage of su/sudo?

Question

I have two users on a macos. U1 is a non-admin user and U2 is a admin user.

I cannot add U1 to the sudoers. Is there a way to use U2 to act as if it was U1 issuing sudo <command>?

My thinking:

1. U1> su U2
2. U2> sudo -u U1 <command>

Is this the correct way to achieve the same result as if U1 could issue sudo <command>?

I tried to set an environment variable as U1 before line 1. and print it out in 2. with sudo -u U1 echo $VAR and it worked, i get the correct value back. But I am still unsure that's the correct process to install complex packages etc. from U2 on behalf of U1.

Any corrections/suggestions?

Answer 1

If I understand what you're trying to do, just omit the -u U11:

1. U1> su U2
2. U2> sudo <command>

Note that you'll have to authenticate at each step; in both steps, you use the U2 user's password.

Explanation: su and sudo are both ways of effectively switching user identities (or, more accurately, running commands as a different user identity). Generally, when you use sudo, it's to run commands as the root user. You can use sudo -u someotheruser to run commands as someone/something other than root, but by default sudo runs commands as root, and that's presumably what you're trying to do.

(People sometimes talk about running things "as sudo", but that's nonsense; what they're actually talking about is using sudo as a tool to run things as root.)

What the steps in your question would do is to 1) use su to switch from U1 to U2, then 2) use sudo -u U1 to switch back to U1, leaving you pretty much right back where you started.