- Linux how to run as another user
- The sudo — Super User Do
- Using sudo
- Examples
- Changing the sudo Configuration
- The su command
- References & Resources
- Latest Post
- Running Script or Command as Another User in Linux
- 1. Overview
- 2. Environment
- 3. Using su
- 3.1. Running Script as Another User
- 3.2. Disabling the Password Prompt
- 4. Using sudo
- 4.1. Running a Specific Script as Another User
- 4.2. Running Scripts as Any Users on the System
- 4.3. Skipping Password Prompt
- 5. Conclusion
Linux how to run as another user
This lesson will cover how to switch to other accounts using sudo command.
The sudo — Super User Do
Another way to switch users or execute commands as others is to use the sudo command. The syntax for sudo is:
The sudo allows you to run programs with the security priviledges of another user. Like su , if no username is specified, it assumes that you were trying to run commands as the superuser. This why sudo is referred to as superuser do.
It is commonly used to install, start and stop applications that require root priviledges. One of the advantages of using sudo over the su command is that you don’t need to know the password of the other user. This could eliminate some issues that arise from using shared passwords in generic accounts. When you execute the sudo command, you are prompted for your password. If the sudo configuration permits access, that command is executed.
The sudo configuration is typically controlled by the system administrator and requires root access to change. Of course, on your personal system, you have access to the root account, and you are effectively the system administrator as well.
Using sudo
To see the commands that are available for you to run with sudo, use sudo -l . To run a command as the root user, use sudo command . You can specify a user with -u , for example sudo -u root command is the same as sudo command . However, if you want to run a command as another user, you need to specify that with -u . So, for example sudo -u nikki command .
Commands | Meaning |
---|---|
sudo -l | List available commands. |
sudo command | Run command as root. |
sudo -u root command | Run command as root. |
sudo -u user command | Run command as user. |
You can use sudo su to switch to the superuser account. You can use sudo su — to switch to the superuser account with root’s environment. The sudo su — username would switch to that username’s account with an environment that you would expect to see when you logged in as that user.
Commands | Meaning |
---|---|
sudo su | Switch to the superuser account. |
sudo su — | Switch to the superuser account with root’s environment. |
sudo su — username | Switch to the username’s account with the username’s environment. |
Another way to switch to another account with sudo is to use the -s option. If you run sudo -s that will start a shell as root. You can specify a user with the -u option.
Commands | Meaning |
---|---|
sudo -s | Start a shell as root |
sudo -u root -s | Same as above. |
sudo -u user -s | Start a shell as user. |
Examples
You can run the following to see what command can be run with sudo :
$ sudo -l Matching Defaults entries for robin on robin-ThinkPad-T410: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin User robin may run the following commands on robin-ThinkPad-T410: (ALL : ALL) ALL
In this case, user robin can run any command.
Example 2: Run a command with sudo
$ sudo /etc/mongodb start mongodb started
To run a command as the other user:
$ sudo -u nikki /etc/nikkiapp/bin/start Nikki's app started Running as user: nikki
To change to root account:
Changing the sudo Configuration
If you need to modify the sudo configuration, use the command visudo . It effectively starts the vi editor and edits as the /etc/sudoers file. The visudo command has to be executed with approved priviledges. This means that you need to switch to the root account, for example: su root visudo or run sudo visudo as your own account.
The sudoers file contains a list of users, and what commands that those users can run and as what users those commands can be run as.
There are many options to the sudoers file, but the most simple format and one that you will see quite often is a line that gives a specific user a set of commands that he or she can run. The format is like
user host=(users) [NOPASSWORD:]commands
admin ALL=(ALL) NOPASSWORD:ALL
robin servername=(root) /etc/init.d/apps
The su command
Another way to switch user is to use su command. The details of su is covered in su command.
References & Resources
Latest Post
- Dependency injection
- Directives and Pipes
- Data binding
- HTTP Get vs. Post
- Node.js is everywhere
- MongoDB root user
- Combine JavaScript and CSS
- Inline Small JavaScript and CSS
- Minify JavaScript and CSS
- Defer Parsing of JavaScript
- Prefer Async Script Loading
- Components, Bootstrap and DOM
- What is HEAD in git?
- Show the changes in Git.
- What is AngularJS 2?
- Confidence Interval for a Population Mean
- Accuracy vs. Precision
- Sampling Distribution
- Working with the Normal Distribution
- Standardized score — Z score
- Percentile
- Evaluating the Normal Distribution
- What is Nodejs? Advantages and disadvantage?
- How do I debug Nodejs applications?
- Sync directory search using fs.readdirSync
Running Script or Command as Another User in Linux
The Kubernetes ecosystem is huge and quite complex, so it’s easy to forget about costs when trying out all of the exciting tools.
To avoid overspending on your Kubernetes cluster, definitely have a look at the free K8s cost monitoring tool from the automation platform CAST AI. You can view your costs in real time, allocate them, calculate burn rates for projects, spot anomalies or spikes, and get insightful reports you can share with your team.
Connect your cluster and start monitoring your K8s costs right away:
1. Overview
In this tutorial, we’ll learn different ways of running scripts or commands as another user in Linux. In particular, we’ll see how we can do that without logging in as the target user.
2. Environment
Let’s assume that in addition to root, there are user annie and user dave in our system as well. Then, while logged in as annie, we create a script annie-script.sh in /home/annie:
$ cat > /home/annie/annie-script.sh
In the script, we first obtain the username with the whoami command. This will capture the username of the user executing the script. Then, we use process substitution to combine the username with the message to be printed. Finally, the echo will print the entire message to standard output.
With this simple script, we’ll be able to tell which user runs the script.
Additionally, we make the script executable by annie only:
$ chmod u+x /home/annie/annie-script.sh
We can then verify the permission information of the script:
$ ls -l /home/annie total 4 -rwxrw-r-- 1 annie annie 41 Oct 31 03:11 annie-script.sh
From the file permission bits, we can see that only the owner can execute that script. In our example, only annie can execute the script. In other words, the only way dave can execute annie-script.sh is through annie.
Once the environment is set up, we’ll log in again as dave.
In the following sections, we’ll demonstrate how to run annie-script.sh as annie, while stay logged in as dave.
3. Using su
su is a command-line tool that is commonly used to switch users in Linux. Additionally, it also allows us to execute scripts or commands as another user.
3.1. Running Script as Another User
While logged in as user dave, we can run the annie-script.sh as user annie:
$ su -c '/home/annie/annie-script.sh' annie Password: Running annie-script.sh as user annie
By default, the su command takes an input a target username to switch into. However, we can specify a script to be run with the flag -c. When specified, su command will just execute the script without dropping into a new shell as the target user.
In our example, we use the su command to execute the annie-script.sh with user annie. Then, su command will ask for annie‘s password. Once authenticated, the script will be executed.
From the output, we can see that the script is indeed executed by annie as indicated by our simple script.
Without specifying a target user, su command will switch into root instead:
$ su -c 'echo I am $(whoami)' Password: Running annie-script.sh as user root
3.2. Disabling the Password Prompt
The password prompt might not always be preferable, especially during scripting. As the su command relies on Linux’s PAM for authentication purposes, we can disable the password prompt for the su command through its PAM configuration file.
Let’s disable the password prompt when user dave is executing scripts as user annie.
Firstly, we open up the file /etc/pam.d/su with any text editor. Then, we’ll add the following lines into the file right after the line auth sufficient pam_rootok.so:
auth [success=ignore default=1] pam_succeed_if.so user = annie auth sufficient pam_succeed_if.so use_uid user = dave
The first rule checks if the target user is annie. If it is, then it’ll proceed with the second rule to check if the current user is dave. If both rules evaluate to true, permission will be granted, and dave can use su without having to input annie‘s password.
On the other hand, if either one of the rules fails, it will transparently ignore these rules, prompting for a password.
Once configured, we can now run the same command without the password prompt:
$ su -c /home/annie/annie-script.sh annie Running annie-script.sh as user annie
However, if we try to run the same command as user root, su will ask for the root‘s password. That’s because the password exemptions for dave only applies when he is executing scripts as annie, not as anyone else.
4. Using sudo
sudo is another command-line tool that allows users to execute scripts as another user. In this article, we’ll be skipping the details about the sudo command. Instead, we’ll focus on utilizing sudo to execute scripts as another user.
4.1. Running a Specific Script as Another User
Before we can execute scripts as other users with sudo, we’ll need to add the current user to the sudoers file. To do that, we’ll use the visudo command to safely edit the /etc/sudoers file.
Let’s add dave into sudoers file by executing the following command as root:
$ echo 'dave ALL=(annie) /home/annie/annie-script.sh' | EDITOR='tee -a' visudo
The command above echo the rule and pipe the rule into the visudo command. By default, visudo will open up an interactive editor. However, we’ve overridden that behavior through the EDITOR field. Finally, visudo will append the rules into the sudoers file using the command tee -a.
The rule grants dave the permission to execute the script annie-script.sh as user annie on any hosts.
After the configuration, we can execute annie-script.sh as annie with sudo command while logged in as dave:
$ sudo -u annie /home/annie/annie-script.sh [sudo] password for dave: Running annie-script.sh as user annie
The sudo command takes as an argument the command or script to execute. Additionally, the flag -u can be specified to change the target user from the default root into another user.
Notice that with sudo, it requests for the current user’s password instead of the target user. Once authenticated, we’ll see that the script has indeed been executed as annie.
4.2. Running Scripts as Any Users on the System
If we now run the command as root, we’ll see the following output:
$ sudo -u root /home/annie/annie-script.sh [sudo] password for dave: Sorry, user dave is not allowed to execute '/home/annie/annie-script.sh' as root
Because the rules we’ve configured only allow dave to execute annie-script.sh (a specific script) as annie (a specific user). To allow dave to execute the script annie-script.sh as any users, we can change the rules for dave as such:
dave ALL=(ALL) /home/annie/annie-script.sh
With the value ALL instead of annie, dave will be able to execute annie-script.sh as any users on the system.
Once we’ve re-configured it, we’ll be able to run the same command successfully:
$ sudo -u root /home/annie/annie-script.sh [sudo] password for dave: Running annie-script.sh as user root
4.3. Skipping Password Prompt
With sudo, we can also disable the password prompt by prefixing NOPASSWD in front of the script and command section.
For example, we can disable the password prompt for dave by tweaking the rules:
dave ALL=(ALL) NOPASSWD: /home/annie/annie-script.sh
In the rules, we’ve prepended NOPASSWD in front of the script. That’ll exempt dave from the password input request when he is running annie-script.sh as another user.
After reconfiguring, we can re-run the command as both annie and root without having to input dave‘s password:
$ sudo -u annie /home/annie/annie-script.sh Running annie-script.sh as user annie $ sudo -u root /home/annie/annie-script.sh Running annie-script.sh as user root
5. Conclusion
In this tutorial, we’ve first started by setting up an environment for this tutorial.
Then, we saw how we could use the su command to execute a script as other users. We’ve taken a step further to disable the password prompt by modifying the PAM configuration file.
Next, we’ve demonstrated the same functionality with the sudo command. Finally, we’ve also seen how we can skip the password prompt from sudo by configuring the sudoers file using visudo.