- How to Run Linux Commands as Another User?
- Method 1: Using the “runuser” Command
- Syntax
- Example 1: Switch the User and then Run Commands
- Example 2: Run the Linux Commands as Another User from the Same Shell
- Method 2: Using the su Command
- Example 1: Switch the User and then Run Commands
- Example 2: Run the Linux Commands as Another User from the Same Shell
- Method 3: Using the “pkexec” command
- Syntax
- Example
- Conclusion
- How to run a command as a specific user in an init script?
- 6 Answers 6
- Run a shell script as another user that has no password
- 10 Answers 10
- Run script as another user on Linux
- 3 Answers 3
- How can I run as another user?
How to Run Linux Commands as Another User?
Sometimes, there is a need to run a Linux command from another user account, and to do so, the conventional approach is to switch to that user and then run the command. However, Linux distributions also support a feature to run a command as another user without logging out of the current user.
This blog will explore different approaches to run the Linux commands as another user.
Method 1: Using the “runuser” Command
The “runuser” command allows running the command as the substitute user in Linux distributions. The general syntax of using the “runuser” command to run Linux commands as another user:
Syntax
$ sudo runuser -[options] [username] [command]
According to the above general usage of the runuser command, we can use this command as the root user or with super-user privilege by using the “sudo”.
Then, we can use the different options of the runuser, which can be explored with the command:
The options and their application will be displayed on the screen.
Coming back to the general syntax of the “runuser” command, after specifying options, you have specified the user name to which you want to use and then the command.
Example 1: Switch the User and then Run Commands
For example, we will log in to another user, “john,” by using the runuser command’s option “-l”:
Now, we can run the multiple commands in the user john and then exit the shell by using the command:
The shell of john user has been logout.
Example 2: Run the Linux Commands as Another User from the Same Shell
If you want to run the command as John user from the same shell:
The contents of the john user directory have been displayed.
Method 2: Using the su Command
Next is switching the specified user account using the “su” command. The general syntax of using the “su” command:
$ su [options] - [username] [arguments]
The above general syntax of switching to another account is simple to understand. Use the su command with the “-” sign and specify the username. It will ask you for the user account’s password and log in to another user account.
Example 1: Switch the User and then Run Commands
To understand it more clearly, we will use the su command to log in to the “john” user account:
After asking for the password, it is logged in to the john user shell. Run the ls command in the new shell:
To go back to the “itslinux” user, again use the su command:
We are back to the shell of our user account.
Example 2: Run the Linux Commands as Another User from the Same Shell
To run the command without logging into another user shell, use the command:
First, it asks for a password, and then the result of the command is printed.
Method 3: Using the “pkexec” command
The “pkexec” command can also be used to run Linux commands by another user. The usage of the pkexec command is visualized in the following syntax:
Syntax
$ sudo pkexec --user [username] [command]
Example
Following the above general syntax, we will log in to the john account and run the command:
The command has been executed in the “john” user account.
Conclusion
To run Linux commands as another user, we can use the “runuser” command and “pkexec” command and can log in to another user with the “su” command. All these commands switch to another user (either while execution or before execution) to run the command from a specific user’s account. This post has briefly explained the methods to run Linux commands as another user.
How to run a command as a specific user in an init script?
I’m writing an init script which is supposed to execute a single command as a user different than root. This is how I’m doing it currently:
sudo -u username command This generally works as expected on Ubuntu/Debian, but on RHEL the script which is executed as the command hangs.
Is there another way to run the command as another user?
(Note that I can’t use lsb init functions as they’re not available on RHEL/Centos 5.x.)
Notice that this question is about something set up exclusively by the administrator (typically, a daemon that runs as some user for security). A slightly different case is users setting up on their own commands to run at boot, with their user crontab. See askubuntu.com/questions/260845/…
6 Answers 6
On RHEL systems, the /etc/rc.d/init.d/functions script is intended to provide similar to what you want. If you source that at the top of your init script, all of it’s functions become available.
The specific function provided to help with this is daemon . If you are intending to use it to start a daemon-like program, a simple usage would be:
daemon --user=username command
If that is too heavy-handed for what you need, there is runuser (see man runuser for full info; some versions may need -u prior to the username):
/sbin/runuser username -s /bin/bash -c "command(s) to run as user username"
Run a shell script as another user that has no password
I would like to run a script from the main ubuntu shell as a different user that has no password. I have full sudo privileges, so I tried this:
sudo su -c "Your command right here" -s /bin/sh otheruser
Then I have to enter my password, but I am not sure if that script is now really running under that user. How can I confirm that the script is really running under that user now?
10 Answers 10
You can do that with su or sudo , no need for both.
sudo -H -u otheruser bash -c 'echo "I am $USER, with uid $UID"'
The relevant parts of man sudo :
-H The -H (HOME) option requests that the security policy set the HOME environment variable to the home directory of the target user (root by default) as specified by the password database. Depending on the policy, this may be the default behavior.
(Starting from Ubuntu 19.10, -H is no longer needed as this is now the default behaviour. See: How does sudo handle $HOME differently since 19.10?)
-u user The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a user name, use #uid. When running commands as a uid, many shells require that the '#' be escaped with a backslash ('\'). Security policies may restrict uids to those listed in the password database. The sudoers policy allows uids that are not in the password database as long as the targetpw option is not set. Other security policies may not support this.
su can only switch user without providing a password if you are root. See Caleb’s answer
You can modify the /etc/pam.d/su file to allow su without password. See this answer.
If you modified your auth file to the following, any user that was part of group somegroup could su to otheruser without a password.
auth sufficient pam_rootok.so auth [success=ignore default=1] pam_succeed_if.so user = otheruser auth sufficient pam_succeed_if.so use_uid user ingroup somegroup
rubo77@local$ su otheruser -c 'echo "hello from $USER"' hello from otheruser
Run script as another user on Linux
One difference between your examplar question and your question is that the other question uses user1 ALL=(user2) NOPASSWD: /home/user2/bin/test.sh but you omit the = in your version. That might be all that’s wrong; it might be innocent. It’s worth checking.
I made sure it had the equals and still got the same results. The output is owned by wayne so I know its running correct script.
3 Answers 3
The answer is change from su to sudo.
su is primarily for switching users, while sudo is for executing commands as other users. The -u flag lets you specify which user to execute the command as:
sudo -u wayne '/home/wayne/script2.sh'
gives Sorry user is not allowed to execute
Solution: In order to run commands/scripts as another user on linux/unix you need sudo permission and run the following formula:
For example:
sudo -H -u wayne bash -c 'echo "user:$USER|home:$HOME|action:run_script"; ./home/wayne/script.sh'
from Documentation:
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. -H The -H (HOME) option requests that the security policy set the HOME environment variable to the home directory of the target user (root by default) as specified by the password database. Depending on the policy, this may be the default behavior. -u user The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a user name, use #uid. When running commands as a uid, many shells require that the '#' be escaped with a backslash ('\'). Security policies may restrict uids to those listed in the password database. The sudoers policy allows uids that are not in the password database as long as the targetpw option is not set. Other security policies may not support this.
How can I run as another user?
This is the bash code that should be runned. So first it substitutes the user to openproject and than runs all the code:
su openproject -c "bash -l" cd ~/openproject git checkout Gemfile.lock git pull bundle install RAILS_ENV="production" bundle exec rake db:migrate RAILS_ENV="production" bundle exec rake db:seed RAILS_ENV="production" bundle exec rake assets:precompile
su - openproject -c "cd ~openproject/openproject" su - openproject -c "git checkout stable" su - openproject -c "git checkout Gemfile.lock" su - openproject -c "git pull" su - openproject -c "bundle install" su - openproject -c "RAILS_ENV="production" bundle exec rake db:migrate" su - openproject -c "RAILS_ENV="production" bundle exec rake db:seed" su - openproject -c "RAILS_ENV="production" bundle exec rake assets:precompile"
but this does not run properly and at every steps asks for password. How can the translated script be improved so it works? UPDATE 1: After receiving sugestions about this I am the point where the code has been modified into:
cd ~openproject/openproject sudo -u openproject git checkout stable sudo -u openproject git checkout Gemfile.lock sudo -u openproject git pull # the output is good thill here sudo -u openproject bundle install sudo -u openproject RAILS_ENV="production" bundle exec rake db:migrate sudo -u openproject RAILS_ENV="production" bundle exec rake db:seed sudo -u openproject RAILS_ENV="production" bundle exec rake assets:precompile
UPDATE 2: After trying the suggestion from Dmitry Vasilyanov I found that if i insert the -i it will simulate as user login. However this is not the final way to do it. If I run echo $PATH after logging in as openproject the ouput is /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/openproject/.rvm/bin If I run echo $PATH after su openproject -c «bash -l» the output is /home/openproject/.rvm/gems/ruby-2.1.0/bin:/home/openproject/.rvm/gems/ruby-2.1.0@global/bin:/home/openproject/.rvm/rubies/ruby-2.1.0/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/openproject/.rvm/bin