Linux run command with user

Linux Run Command As Another User

Dear nixCraft,
I just want to know how to run Linux commands as another user or as the root user?
–Sincerely,
Confused About Linux commands.

Dear Confused,
You can use the following commands to run as another user or as root user on Linux.

1. Using Linux runuser command as another user

Only session PAM hooks are run, and there is no password prompt. If run as a non-root user without privilege to set user ID, the command will fail as the binary is not setuid. As runuser doesn’t run auth and account PAM hooks, it runs with lower overhead than su.

For example, as a root user you may want to check shell resource limits for oracle user, enter:
# runuser -l oracle -c ‘ulimit -SHa’
Check nginx or lighttpd web server limitations:
# runuser -l nginx -c ‘ulimit -SHa’
# runuser -l lighttpd -c ‘ulimit -SHa’
Sometime, a root user can not browse NFS mounted share due to permission (security) issue:
# ls -l /nfs/wwwroot/cyberciti.biz/http
OR
# cd /nfs/wwwroot/cyberciti.biz/http
Sample outputs:

However, apache user is allowed to browse or access nfs based system mouted at /nfs/wwwroot/cyberciti.biz/http/:
# runuser -l apache -c ‘ls -l /nfs/wwwroot/cyberciti.biz/http/’
# runuser -l apache -c ‘cd /nfs/wwwroot/cyberciti.biz/http/; vi index.php’
No password is required to use runuser command and it must be run by root user only. Sometimes sudo or su will give following error:

To get around this try the following syntax:
# runuser -u www-data — command
## Run commands as www-data user ##
# runuser -u www-data — composer update —no-dev
# runuser -u www-data — php7 /app/maintenance/update.php

The runuser command options

1. -l user_login_name : Make the shell a login shell, uses runuser-l PAM file instead of default one.
2. -g group : Specify the primary group.
3. -G group : Specify a supplemental group.
4. -c COMMAND : Pass a single COMMAND to the shell with -c.
5. —session-command=COMMAND : Pass a single COMMAND to the shell with -c and do not create a new session.
6. -m : Do not reset environment variables.
7. -u username : Run command as given username to get around ‘su -‘ or ‘sudo’ limit.

2. Run a Linux command with substitute user and group ID using ‘su command’

The su command allows you to become a super user or substitute user, spoof user, set user or switch user. It allows a Linux user to change the current user account associated with the running console or shell provided that you know the target user’s password. The syntax is as follows:

Источник

Allow A Normal User To Run Commands As root Under Linux / UNIX Operating Systems

From my mail bag:

I would like to run few commands such as stop or start web server as a root user. How do I allow a normal user to run these commands as root?

You need to use the sudo command which is use to execute a command as another user. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers (config file that defines or list of who can run what) file. The sudo command allows users to do tasks on a Linux system as another user.

sudo command

sudo is more more secure than su command. By default it logs sudo usage, command and arguments in /var/log/secure (Red Hat/Fedora / CentOS Linux) or /var/log/auth.log (Ubuntu / Debian Linux).

If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default. Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (15 minutes unless overridden in sudoers).

/etc/sudoers Syntax

Following is general syntax used by /etc/sudoers file:
USER HOSTNAME=COMMAND
Where,

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

• USER: Name of normal user
• HOSTNAME: Where command is allowed to run. It is the hostname of the system where this rule applies. sudo is designed so you can use one sudoers file on all of your systems. This space allows you to set per-host rules.
• COMMAND: A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify “” to indicate that the command may only be run without command line arguments.

How do I use sudo?

Give user rokcy access to halt/shutdown command and restart Apache web server. First, Login as root user. Use visudo command edit the config file:
# visudo
Append the following lines to file:
rokcy localhost=/sbin/halt
rokcy dbserver=/etc/init.d/apache-perl restart
Save and close file . Now rokcy user can restart Apache web server by typing the following command:
$ sudo /etc/init.d/apache-perl restart
Output:

The sudo command has logged the attempt to the log file /var/log/secure or /var/log/auth.log file:
# tail -f /var/log/auth.log
Sample outputs:

If rokcy want to shutdown computer he needs to type command:
$ sudo /sbin/halt
Output:

Before running a command with sudo, users usually supply their password. Once authenticated, and if the /etc/sudoers configuration file permits the user access, then the command is run. sudo logs each command run.

Источник

How to Use the su Command in Linux with Examples

Home » SysAdmin » How to Use the su Command in Linux with Examples

In Linux, the su command (switch user) is used to run a command as a different user.

In this guide, you will learn how to use the su command, with practical examples.

• A system running Linux
• Access to a terminal window/command-line (Ctrl-Alt-T, Ctrl-Alt-F2)

How the su Command Works

The su command is used to run a function as a different user. It is the easiest way to switch or change to the administrative account in the current logged in session.

Some versions of Linux, like Ubuntu, disable the root user account by default making the system more secure. But, this also restricts the user from running specific commands.

Using su to temporarily act as a root user allows you to bypass this restriction and perform different tasks with different users.

Note: A root account is a master administrator account with full access and permissions in the system. Because of the severity of changes this account can make, and because of the risk of it being compromised, most Linux versions use limited user accounts for normal use.

su Command Syntax

To use the su command, enter it into a command-line as follows:

If a username is specified, su defaults to the superuser (root). Simply find the user you need and add it to the su command syntax.

su Command Options

To display a list of commands, enter the following:

Here are some common options to use with the su command:

• Username – Replace usernamewith the actual username you want to log in with. This can be any user, not just root.
• –c or –command [command] – Runs a specific command as the specified user.
• – or –l or –login [username] – Runs a login script to change to a specific username. You’ll need to enter a password for that user.
• –s or –shell [shell] – Allows you to specify a different shell environment to run in.
• –h or –help – Show the help file for the su command.
• –p or ––preserve–environment – Preserve the shellenvironment (HOME, SHELL, USER, LOGNAME).

su Command Examples

Switch to a Different User

To switch the logged-in user in this terminal window, enter the following:

You’ll be asked for a password. Enter it, and the login will change to that user.

If you omit a username, it will default to the root account. Now, the logged-in user can run all system commands. This will also change the home directory and path to executable files.

Use the whoami command to verify you switched to a different user.

Note: If you are having issues with authentication, you can change the root or sudo password in a couple of simple steps.

Run Specific Command as a Different User

To run a specific command as a different user, use the –c option:

The system will respond by asking you for the user password.

When you enter this example, the system will use the specified account to run the ls (list directory contents) command.

Use a Different Shell

To use a different shell, or operating environment, enter the following:

This command opens a root user account in Z shell.

Use a Different User in the Same Environment

You can keep the environment of the current user account with the –p option:

Replace [other_user] with the actual username you want to switch to.

The user account will switch, but you’ll keep the same home directory. This is useful if you need to run a command as a different user, but you need access to the current user’s data.

To verify you remained in the same home environment, use the echo $HOME command that will display the directory you are working in.

Command Comparison: su vs sudo

sudo Command

The sudo command grants a one-time or limited-time access to root functionality. Typically, the sudo command is used to quickly run an administrative command, then return to the user account’s regular permissions.

To provide sudo access, the user has to be added to the sudo group.

Note: By default, some versions of Linux (such as Ubuntu) disable the root account. That means there’s no password assigned to the root user. However you can switch to root by running the following command and entering the currently logged-in user’s password:

su Command

The su command lets you switch the current user to any other user. If you need to run a command as a different (non-root) user, use the –l [username] option to specify the user account. Additionally, su can also be used to change to a different shell interpreter on the fly.

su is an older but more fully-featured command. It can duplicate the functionality of sudo by use of the –c option to pass a single command to the shell.

You now know how to use the su command to temporarily change users and execute commands in Linux. Use the examples provided to get started.

Источник

How to run a command as a specific user in an init script?

I’m writing an init script which is supposed to execute a single command as a user different than root. This is how I’m doing it currently:
sudo -u username command

This generally works as expected on Ubuntu/Debian, but on RHEL the script which is executed as the command hangs.
Is there another way to run the command as another user?
(Note that I can’t use lsb init functions as they’re not available on RHEL/Centos 5.x.)

6 Answers 6

On RHEL systems, the /etc/rc.d/init.d/functions script is intended to provide similar to what you want. If you source that at the top of your init script, all of it’s functions become available.

The specific function provided to help with this is daemon . If you are intending to use it to start a daemon-like program, a simple usage would be:

If that is too heavy-handed for what you need, there is runuser (see man runuser for full info; some versions may need -u prior to the username):

For systemd style init scripts it’s really easy. You just add a User= in the [Service] section.

Here is an init script I use for qbittorrent-nox on CentOS 7:

If you have start-stop-daemon

Instead of sudo, try

In my experience, sudo is not always available on RHEL systems, but su is, because su is part of the coreutils package whereas sudo is in the sudo package.

I usually do it the way that you are doing it (i.e. sudo -u username command). But, there is also the ‘djb’ way to run a daemon with privileges of another user. See: http://thedjbway.b0llix.net/daemontools/uidgid.html

Adding this answer as I had to lookup multiple places to achieve my use case. I had a script that runs on startup. This script runs process as a specific (passwordless) user and is running on multiple linux flavors. Here are options on different flavors: (I have taken java as target process for example)

1. RHEL / CentOS 6:

2. RHEL 7 / SUSE12 / other linux flavors where systemd is used:

In your systemd unit file add:

3. Suse 11:

/sbin/startproc -u myUser $JAVA_HOME/bin/java

Источник