- Linux Run Commands As Another User
- Running Command As Another User with Su
- Run Command As Another User with Sudo
- Run Command As Another User with Runuser
- Conclusion
- su options — running command as another user
- 2 Answers 2
- How to run a command as a specific user in an init script?
- 6 Answers 6
- How can I execute a group of commands as another user in Bash?
- 3 Answers 3
Linux Run Commands As Another User
Linux is the best and most-used open source operating system. The Linux users have a large number of options to choose operating system. You have options to choose desktop for your Linux systems. But still Linux professionals love the command line to work. Mainly the Linux server editions comes with command line option only, which create them lighter and faster.
The Linux users uses shell to interact with operating systems. In which the Bash (Born Shell) is the most used shell and available default on most systems. Now a days Zsh (Z Shell) is also getting popularity between the users due to its features.
In this tutorial you will learn how to run command as another user in Linux/Unix systems.
Running Command As Another User with Su
su (Switch User) command is used to run shell as another user. This command switches to the new user and load their environment.
The basic su command looks like below:
The above command which you to another user, where you can run commands with that user. But our aim is to run Linux command as another user without switching to them. To do this, check below example.
I am currently logged in as root user. You can pass your command with -c parameter. Now, the below example will run “ls” command as user rahul without switching to the user.
su - rahul -c "pwd"
Output: /home/rahul
You can also run multiple commands as another user in Linux, like:
su - rahul -c "pwd; mkdir hello && cd hello; pwd"
Output: /home/rahul /home/rahul/hello
In the above command, first prints present working directory with pwd, then create and switches to new directory named “hello”. Again prints the present working directory. All commands are separated with semicolon (;) as we do in general.
Run Command As Another User with Sudo
This is generally used to run command as root user, but you can also use it with other users. Here you don’t need to use any command line switches. Enter the name of user to which you want to run command. After that specificy the command to run as defined user.
For example, you are writing a shell script, which required to run as non-root user. But you need to restart apache2 service. In that case you can use sudo to run command as root user. Like:
sudo -u root 'systemctl restart apache2'
Run Command As Another User with Runuser
You can also use runuser to run commands as another user in Linux systems. This is lesser known commands by the Linux users. Use runuser command to execute commands with the effective user ID and group ID of the defined user.
runuser - username -c [commands. ]
Example – for example, run a command as user “rahul” and create directory in his home directory.
runuser - rahul -c 'mkdir -p ~/hello'
Then list files under home directory of user ‘rahul’.
runuser - rahul -c 'ls -l'
Output:> total 16 -rw-r--r-- 1 rahul rahul 8980 Feb 15 2020 examples.desktop drwxr-xr-x 2 rahul rahul 4096 Dec 21 15:55 hello
You can also execute booth commands in a single command. Just add multiple commands wit semicolon separated.
runuser - rahul -c 'mkdir -p ~/hello; ls -l'
Conclusion
In this tutorial, you have learned to run commands as another user in Linux system. You have learned running commands as another user with the help of su, sudo and runuser Linux commands.
su options — running command as another user
I was wondering how to run a command as another user from a script. I have the script’s owner set as root. I also have the following command being run within the script to run the command as the hudson user:
For other googlers: some users might have this ability disabled on purpose. You can run sudo cat /etc/passwd | grep user-abc . If you see something like this: user-abc:x:994:994::/home/user-abc:/bin/false then it won’t work. That’s because the last part » /bin/false » means that there is no shell for that user.
2 Answers 2
$ su --help Usage: su [options] [LOGIN] Options: -c, --command COMMAND pass COMMAND to the invoked shell -h, --help display this help message and exit -, -l, --login make the shell a login shell -m, -p, --preserve-environment do not reset environment variables, and keep the same shell -s, --shell SHELL use SHELL instead of the default in passwd
And some testing (I used sudo as I don’t know the password for the nobody account)
$ sudo su -c whoami nobody [sudo] password for oli: nobody
When your command takes arguments you need to quote it. If you don’t, strange things will occur. Here I am —as root— trying to create a directory in /home/oli (as oli) without quoting the full command:
# su -c mkdir /home/oli/java oli No passwd entry for user '/home/oli/java'
It’s only read mkdir as the value for the -c flag and it’s trying to use /home/oli/java as the username. If we quote it, it just works:
# su -c "mkdir /home/oli/java" oli # stat /home/oli/java File: ‘/home/oli/java’ Size: 4096 Blocks: 8 IO Block: 4096 directory Device: 811h/2065d Inode: 5817025 Links: 2 Access: (0775/drwxrwxr-x) Uid: ( 1000/ oli) Gid: ( 1000/ oli) Access: 2016-02-16 10:49:15.467375905 +0000 Modify: 2016-02-16 10:49:15.467375905 +0000 Change: 2016-02-16 10:49:15.467375905 +0000 Birth: -
How to run a command as a specific user in an init script?
I’m writing an init script which is supposed to execute a single command as a user different than root. This is how I’m doing it currently:
sudo -u username command This generally works as expected on Ubuntu/Debian, but on RHEL the script which is executed as the command hangs.
Is there another way to run the command as another user?
(Note that I can’t use lsb init functions as they’re not available on RHEL/Centos 5.x.)
Notice that this question is about something set up exclusively by the administrator (typically, a daemon that runs as some user for security). A slightly different case is users setting up on their own commands to run at boot, with their user crontab. See askubuntu.com/questions/260845/…
6 Answers 6
On RHEL systems, the /etc/rc.d/init.d/functions script is intended to provide similar to what you want. If you source that at the top of your init script, all of it’s functions become available.
The specific function provided to help with this is daemon . If you are intending to use it to start a daemon-like program, a simple usage would be:
daemon --user=username command
If that is too heavy-handed for what you need, there is runuser (see man runuser for full info; some versions may need -u prior to the username):
/sbin/runuser username -s /bin/bash -c "command(s) to run as user username"
How can I execute a group of commands as another user in Bash?
There are already some existing questions asked here about running commands as another user. However, the question and answers focus on a single command instead of a long group of commands. For example, consider the following script:
#!/bin/bash set -e root_command -p param1 # run as root # these commands must be run as another user command1 -p 'parameter with "quotes" inline' command2 -p 'parameter with "quotes" inline' command3 -p 'parameter with "quotes" inline'
- The final three commands must be run as another user using su or sudo . In the example there were three commands, but suppose that there were many more.
- The commands themselves make use of single and double quotes.
The second point above prevents the use of the following syntax:
. since the commands themselves contain quotes.
What is the proper way to «group» the commands and run them under another user account?
3 Answers 3
here-doc. The next token is the delimiter, and everything up to a line beginning with the delimiter is fed as standard input to the command. Putting the delimiter in single quotes prevents variable substitution within the here-doc.
This will be useful to some: If you need the command to actually run in the user’s full environment, as if they had logged in, which may include different paths, for example. Add they hyphen before ‘somebody’, like so: su — somebody .
Make sure there is no whitespace before closing EOF (eg when calling from indented ‘if’ statement). Error is thrown otherwise — see tldp.org/LDP/abs/html/here-docs.html
@PatrizioBekerle I did it interactively in the terminal, but I just tried it in a script as well, and they both worked.
I’m not that great with Bash-foo, so there is bound to be a more elegant way, but I’ve approached this problem in the past by using multiple scripts and a «driver».
#!/bin/bash set -e su root script1 su somebody script2
#!/bin/bash set -e root_command -p param1 # Run as root
#!/bin/bash set -e # These commands must be run as another user command1 -p 'parameter with "quotes" inline' command2 -p 'parameter with "quotes" inline' command3 -p 'parameter with "quotes" inline'
This script checks if the current user running the script is the desired user. If not, then the script is re-executed with the desired user.
#!/usr/bin/env bash TOKEN_USER_X=TOKEN_USER_X USER_X=peter # other user! SCRIPT_PATH=$(readlink -f "$BASH_SOURCE") if [[ "$@" != "$TOKEN_USER_X" ]]; then ###### RUN THIS PART AS the user who started the script echo "This script is $SCRIPT_PATH" echo -n "Current user: " echo $USER read -p "insert: " echo "got $REPLY" su - $USER_X -c "$SCRIPT_PATH $TOKEN_USER_X" # execute code below after else (marked #TOKEN_USER_X) else #TOKEN_USER_X -- come here only if script received one parameter TOKEN_USER_X ###### RUN THIS PART AS USER peter echo echo "Now this script is $SCRIPT_PATH" echo -n "Current user: " echo $USER read -p "insert: " echo "got $REPLY" exit 0 fi echo echo "Back to initial user. " echo -n "Current user: " echo $USER