I would like to run a script from the main ubuntu shell as a different user that has no password.
I have full sudo privileges, so I tried this:
sudo su -c "Your command right here" -s /bin/sh otheruser
Then I have to enter my password, but I am not sure if that script is now really running under that user.
How can I confirm that the script is really running under that user now?
You can do that with su or sudo, no need for both.
sudo -H -u otheruser bash -c 'echo "I am $USER, with uid $UID"'
The relevant parts of man sudo:
-H The -H (HOME) option requests that the security policy set
the HOME environment variable to the home directory of the
target user (root by default) as specified by the password
database. Depending on the policy, this may be the default
behavior.
(Starting from Ubuntu 19.10, -H is no longer needed as this is now the default behaviour. See: How does sudo handle $HOME differently since 19.10?)
-u user The -u (user) option causes sudo to run the specified
command as a user other than root. To specify a uid
instead of a user name, use #uid. When running commands as
a uid, many shells require that the '#' be escaped with a
backslash ('\'). Security policies may restrict uids to
those listed in the password database. The sudoers policy
allows uids that are not in the password database as long
as the targetpw option is not set. Other security policies
may not support this.
su can only switch user without providing a password if you are root. See Caleb's answer
You can modify the /etc/pam.d/su file to allow su without password. See this answer.
If you modified your auth file to the following, any user that was part of group somegroup could su to otheruser without a password.
auth sufficient pam_rootok.so
auth [success=ignore default=1] pam_succeed_if.so user = otheruser
auth sufficient pam_succeed_if.so use_uid user ingroup somegroup
Then test from terminal
rubo77@local$ su otheruser -c 'echo "hello from $USER"'
hello from otheruser
If you want to use su instead of sudo, I believe you can use something like this:
su - <username> -c "<commands>"
- will simulate a login of the specified user-c tells it that you want to run a commandps. Unfortunately I'm not able to install ruby using rvm with this method, but that's probably not related.
sudo to the beginning otherwise it asked me for my password.
– IanVaughan
Jul 20 '15 at 12:42
sudo. with sudo it works, for example: sudo su - www-data -c "touch /tmp/test"successfully created a file as www-data
– rubo77
Sep 24 '16 at 08:41
/bin:/usr/bin), so my command (similar to your rvm) wasn't found.
– PLG
Nov 11 '20 at 18:25
su, you are performing a login. su literally stands for "switch user". sudo lets you mask yourself as the root user, whereas su lets you log in as that user (or any user so long as you have the appropriate passwod.) Using sudo su is like saying "Hey, this is the root account . Could you switch me to the root account?" That said, it still has it's place.
– Nate T
Oct 08 '21 at 17:35
The answers above are really useful to me but to answer the actual question...
How can I affirm that the script is really running under that user now?-
Use:
ps -ef | grep <command-name>
The output should include your script and the actual user executing it. People on BSD-like systems, e.g. MAC can find similar information with:
ps aux | grep <command-name>
Make sure you switch to root user with command sudo su and then use the command
su user -s <command>
For example: su www-data -s bin/magento cache:clean
sudo su - <user> as in sudo su - <user> -s <command>
– trebor
Jul 11 '23 at 18:52
root@localhost:/# su - johndoh -c "whoami"
johndoh
root@localhost:/# su - johndoh -c "echo \"hi $(whoami)\""
hi root
root@localhost:/# su - johndoh -c "echo \"hi \$(whoami)\""
hi johndoh
root@localhost:/#
You can use sudo to do this. First, you need to modify the /etc/sudoers file to add a rule that allows the hudson user to become the other user for the script in question. Let's assume you have a user1 account that needs to run /usr/local/bin/my_script.sh.
Run visudo to modify the sudoers file.
Then, use the following sudo command to run the script from hudson.
It's very important that you use visudo to modify the sudoers file in order to check the file for errors before putting it in place. Also, I'd suggest a quick read through man sudoers in order to clearly understand what the above does before adding it to your configuration.
sudoers file.
– WinEunuuchs2Unix
Nov 11 '20 at 18:51
I have created few users without password using
sudo adduser --gecos "" --disabled-password --no-create-home user1
sudo adduser --gecos "" --disabled-password --no-create-home user2
To confirm please check
% sudo cat /etc/shadow | grep user
user1:*:19022:0:99999:7:::
user2:*:19022:0:99999:7:::
I have written a shell script named testing.sh like:
#!/bin/bash
whoami
id
Now I am going to run this script as different users who do not have any password.
$ sudo runuser -u user1 -- bash testing.sh
user1
uid=1001(user1) gid=1001(user1) groups=1001(user1)
$ sudo runuser -u user2 -- bash testing.sh
user2
uid=1002(user2) gid=1002(user2) groups=1002(user2)
I use "ssh" pointing to the same local machine. This enables me to run the shell script or command passwordless.
ssh target-user@localhost script-to-execute
First, I make sure the host-user saved his public key to the target user (in the same machine). Then I execute the ssh command I showed above.
The result, is a command/script run as the target user, without even entering a password.
sutoo? – rubo77 Oct 06 '14 at 12:33HOMEvariable just for the command I run? (meaning that the next ones will be run as before) – Victor Feb 28 '16 at 17:34sudo -H -u user bash -c 'echo ~'– xi.lin Aug 01 '17 at 02:24myuser ALL=NOPASSWD: ALLin sudo visudo – Nam G VU Mar 27 '19 at 10:03visudocontent is very short and only a few line definin the NOPASSWD as above. – Nam G VU Mar 28 '19 at 07:48