I’m sure this question has been answered before, but I can’t find an answer that I like. I would like to write a shell script that executes a very specific script as another user (I want anyone to be able to start postgres as the postgres user). The script will have 710 perms so it will be executable by a certain group but not readable or writable by that group.

Now, I’m pretty sure there’s no way to use ‘su’ without an interactive password prompt. There are lots of good reasons for that and I don’t need to be convinced of the merit of those reasons (I’m told that someone savvier than me could grab the password off the processes list which is bad).

Question is, more generally how would I accomplish what I want to do without abusing unix security paradigms? Is there a way to allow user to execute a very specific process as another user?