Linux run under user

Allow A Normal User To Run Commands As root Under Linux / UNIX Operating Systems

From my mail bag:

I would like to run few commands such as stop or start web server as a root user. How do I allow a normal user to run these commands as root?

You need to use the sudo command which is use to execute a command as another user. It allows a permitted user to execute a command as the superuser or another user, as specified in the /etc/sudoers (config file that defines or list of who can run what) file. The sudo command allows users to do tasks on a Linux system as another user.

sudo command

sudo is more more secure than su command. By default it logs sudo usage, command and arguments in /var/log/secure (Red Hat/Fedora / CentOS Linux) or /var/log/auth.log (Ubuntu / Debian Linux).

If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default. Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (15 minutes unless overridden in sudoers).

/etc/sudoers Syntax

Following is general syntax used by /etc/sudoers file:
USER HOSTNAME=COMMAND
Where,

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

• USER: Name of normal user
• HOSTNAME: Where command is allowed to run. It is the hostname of the system where this rule applies. sudo is designed so you can use one sudoers file on all of your systems. This space allows you to set per-host rules.
• COMMAND: A simple filename allows the user to run the command with any arguments he/she wishes. However, you may also specify command line arguments (including wildcards). Alternately, you can specify “” to indicate that the command may only be run without command line arguments.

How do I use sudo?

Give user rokcy access to halt/shutdown command and restart Apache web server. First, Login as root user. Use visudo command edit the config file:
# visudo
Append the following lines to file:
rokcy localhost=/sbin/halt
rokcy dbserver=/etc/init.d/apache-perl restart
Save and close file . Now rokcy user can restart Apache web server by typing the following command:
$ sudo /etc/init.d/apache-perl restart
Output:

The sudo command has logged the attempt to the log file /var/log/secure or /var/log/auth.log file:
# tail -f /var/log/auth.log
Sample outputs:

If rokcy want to shutdown computer he needs to type command:
$ sudo /sbin/halt
Output:

Before running a command with sudo, users usually supply their password. Once authenticated, and if the /etc/sudoers configuration file permits the user access, then the command is run. sudo logs each command run.

Источник

Linux Run Commands As Another User

Linux is the best and most-used open source operating system. The Linux users have a large number of options to choose operating system. You have options to choose desktop for your Linux systems. But still Linux professionals love the command line to work. Mainly the Linux server editions comes with command line option only, which create them lighter and faster.

The Linux users uses shell to interact with operating systems. In which the Bash (Born Shell) is the most used shell and available default on most systems. Now a days Zsh (Z Shell) is also getting popularity between the users due to its features.

In this tutorial you will learn how to run command as another user in Linux/Unix systems.

Running Command As Another User with Su

su (Switch User) command is used to run shell as another user. This command switches to the new user and load their environment.

The basic su command looks like below:

The above command which you to another user, where you can run commands with that user. But our aim is to run Linux command as another user without switching to them. To do this, check below example.

I am currently logged in as root user. You can pass your command with -c parameter. Now, the below example will run “ls” command as user rahul without switching to the user.

You can also run multiple commands as another user in Linux, like:

In the above command, first prints present working directory with pwd, then create and switches to new directory named “hello”. Again prints the present working directory. All commands are separated with semicolon (;) as we do in general.

Run Command As Another User with Sudo

This is generally used to run command as root user, but you can also use it with other users. Here you don’t need to use any command line switches. Enter the name of user to which you want to run command. After that specificy the command to run as defined user.

Syntax:

For example, you are writing a shell script, which required to run as non-root user. But you need to restart apache2 service. In that case you can use sudo to run command as root user. Like:

Run Command As Another User with Runuser

You can also use runuser to run commands as another user in Linux systems. This is lesser known commands by the Linux users. Use runuser command to execute commands with the effective user ID and group ID of the defined user.

Syntax:

Example – for example, run a command as user “rahul” and create directory in his home directory.

Then list files under home directory of user ‘rahul’.

You can also execute booth commands in a single command. Just add multiple commands wit semicolon separated.

Conclusion

In this tutorial, you have learned to run commands as another user in Linux system. You have learned running commands as another user with the help of su, sudo and runuser Linux commands.

Источник

Linux Run Command As Another User

Dear nixCraft,
I just want to know how to run Linux commands as another user or as the root user?
–Sincerely,
Confused About Linux commands.

Dear Confused,
You can use the following commands to run as another user or as root user on Linux.

1. Using Linux runuser command as another user

Only session PAM hooks are run, and there is no password prompt. If run as a non-root user without privilege to set user ID, the command will fail as the binary is not setuid. As runuser doesn’t run auth and account PAM hooks, it runs with lower overhead than su.

For example, as a root user you may want to check shell resource limits for oracle user, enter:
# runuser -l oracle -c ‘ulimit -SHa’
Check nginx or lighttpd web server limitations:
# runuser -l nginx -c ‘ulimit -SHa’
# runuser -l lighttpd -c ‘ulimit -SHa’
Sometime, a root user can not browse NFS mounted share due to permission (security) issue:
# ls -l /nfs/wwwroot/cyberciti.biz/http
OR
# cd /nfs/wwwroot/cyberciti.biz/http
Sample outputs:

However, apache user is allowed to browse or access nfs based system mouted at /nfs/wwwroot/cyberciti.biz/http/:
# runuser -l apache -c ‘ls -l /nfs/wwwroot/cyberciti.biz/http/’
# runuser -l apache -c ‘cd /nfs/wwwroot/cyberciti.biz/http/; vi index.php’
No password is required to use runuser command and it must be run by root user only. Sometimes sudo or su will give following error:

To get around this try the following syntax:
# runuser -u www-data — command
## Run commands as www-data user ##
# runuser -u www-data — composer update —no-dev
# runuser -u www-data — php7 /app/maintenance/update.php

The runuser command options

1. -l user_login_name : Make the shell a login shell, uses runuser-l PAM file instead of default one.
2. -g group : Specify the primary group.
3. -G group : Specify a supplemental group.
4. -c COMMAND : Pass a single COMMAND to the shell with -c.
5. —session-command=COMMAND : Pass a single COMMAND to the shell with -c and do not create a new session.
6. -m : Do not reset environment variables.
7. -u username : Run command as given username to get around ‘su -‘ or ‘sudo’ limit.

2. Run a Linux command with substitute user and group ID using ‘su command’

The su command allows you to become a super user or substitute user, spoof user, set user or switch user. It allows a Linux user to change the current user account associated with the running console or shell provided that you know the target user’s password. The syntax is as follows:

Источник

How to run a command as a specific user in an init script?

I’m writing an init script which is supposed to execute a single command as a user different than root. This is how I’m doing it currently:
sudo -u username command

This generally works as expected on Ubuntu/Debian, but on RHEL the script which is executed as the command hangs.
Is there another way to run the command as another user?
(Note that I can’t use lsb init functions as they’re not available on RHEL/Centos 5.x.)

6 Answers 6

On RHEL systems, the /etc/rc.d/init.d/functions script is intended to provide similar to what you want. If you source that at the top of your init script, all of it’s functions become available.

The specific function provided to help with this is daemon . If you are intending to use it to start a daemon-like program, a simple usage would be:

If that is too heavy-handed for what you need, there is runuser (see man runuser for full info; some versions may need -u prior to the username):

For systemd style init scripts it’s really easy. You just add a User= in the [Service] section.

Here is an init script I use for qbittorrent-nox on CentOS 7:

If you have start-stop-daemon

Instead of sudo, try

In my experience, sudo is not always available on RHEL systems, but su is, because su is part of the coreutils package whereas sudo is in the sudo package.

I usually do it the way that you are doing it (i.e. sudo -u username command). But, there is also the ‘djb’ way to run a daemon with privileges of another user. See: http://thedjbway.b0llix.net/daemontools/uidgid.html

Adding this answer as I had to lookup multiple places to achieve my use case. I had a script that runs on startup. This script runs process as a specific (passwordless) user and is running on multiple linux flavors. Here are options on different flavors: (I have taken java as target process for example)

1. RHEL / CentOS 6:

2. RHEL 7 / SUSE12 / other linux flavors where systemd is used:

In your systemd unit file add:

3. Suse 11:

/sbin/startproc -u myUser $JAVA_HOME/bin/java

Источник

Run a shell script as another user that has no password

I would like to run a script from the main ubuntu shell as a different user that has no password.

I have full sudo privileges, so I tried this:

Then I have to enter my password, but I am not sure if that script is now really running under that user.

How can I confirm that the script is really running under that user now?

8 Answers 8

You can do that with su or sudo , no need for both.

The relevant parts of man sudo :

su can only switch user without providing a password if you are root. See Caleb’s answer

You can modify the /etc/pam.d/su file to allow su without password. See this answer.

If you modified your auth file to the following, any user that was part of group somegroup could su to otheruser without a password.

Then test from terminal

If you want to use su instead of sudo, I believe you can use something like this:

• — will simulate a login of the specified user
• -c tells it that you want to run a command

ps. Unfortunately I’m not able to install ruby using rvm with this method, but that’s probably not related.

The answers above are really useful to me but to answer the actual question.

How can I affirm that the script is really running under that user now?-

The output should include your script and the actual user executing it. People on BSD-like systems, e.g. MAC can find similar information with:

Make sure you switch to root user with command sudo su and then use the command

For example: su www-data -s bin/magento cache:clean

I had the same problem. Just type in the command screen -dmS testscreen this will create a detached screen on your non-sudo user account and then you can log it and check if this screen is there by screen -ls .

You can use sudo to do this. First, you need to modify the /etc/sudoers file to add a rule that allows the hudson user to become the other user for the script in question. Let’s assume you have a user1 account that needs to run /usr/local/bin/my_script.sh .

Run visudo to modify the sudoers file. Then, use the following sudo command to run the script from hudson.

It’s very important that you use visudo to modify the sudoers file in order to check the file for errors before putting it in place. Also, I’d suggest a quick read through man sudoers in order to clearly understand what the above does before adding it to your configuration.

Источник