Run as admin linux

Linux Run Command As Another User

Dear nixCraft,
I just want to know how to run Linux commands as another user or as the root user?
–Sincerely,
Confused About Linux commands.

Dear Confused,
You can use the following commands to run as another user or as root user on Linux.

1. Using Linux runuser command as another user

Only session PAM hooks are run, and there is no password prompt. If run as a non-root user without privilege to set user ID, the command will fail as the binary is not setuid. As runuser doesn’t run auth and account PAM hooks, it runs with lower overhead than su.

For example, as a root user you may want to check shell resource limits for oracle user, enter:
# runuser -l oracle -c ‘ulimit -SHa’
Check nginx or lighttpd web server limitations:
# runuser -l nginx -c ‘ulimit -SHa’
# runuser -l lighttpd -c ‘ulimit -SHa’
Sometime, a root user can not browse NFS mounted share due to permission (security) issue:
# ls -l /nfs/wwwroot/cyberciti.biz/http
OR
# cd /nfs/wwwroot/cyberciti.biz/http
Sample outputs:

However, apache user is allowed to browse or access nfs based system mouted at /nfs/wwwroot/cyberciti.biz/http/:
# runuser -l apache -c ‘ls -l /nfs/wwwroot/cyberciti.biz/http/’
# runuser -l apache -c ‘cd /nfs/wwwroot/cyberciti.biz/http/; vi index.php’
No password is required to use runuser command and it must be run by root user only. Sometimes sudo or su will give following error:

To get around this try the following syntax:
# runuser -u www-data — command
## Run commands as www-data user ##
# runuser -u www-data — composer update —no-dev
# runuser -u www-data — php7 /app/maintenance/update.php

The runuser command options

1. -l user_login_name : Make the shell a login shell, uses runuser-l PAM file instead of default one.
2. -g group : Specify the primary group.
3. -G group : Specify a supplemental group.
4. -c COMMAND : Pass a single COMMAND to the shell with -c.
5. —session-command=COMMAND : Pass a single COMMAND to the shell with -c and do not create a new session.
6. -m : Do not reset environment variables.
7. -u username : Run command as given username to get around ‘su -‘ or ‘sudo’ limit.

2. Run a Linux command with substitute user and group ID using ‘su command’

The su command allows you to become a super user or substitute user, spoof user, set user or switch user. It allows a Linux user to change the current user account associated with the running console or shell provided that you know the target user’s password. The syntax is as follows:

Источник

How do I run a command as the system administrator (root)

I need to run a command with administrative privileges. Someone said I should run a command as root. How do I do this?

4 Answers 4

The main two commandline possibilities are:

• Use su and enter the root password when prompted.
• Put sudo in front of the command, and enter your password when prompted.

Running a shell command as root

sudo (preferred when not running a graphical display)

This is the preferred method on most systems, including Ubuntu, Linux Mint, (arguably) Debian, and others. If you don’t know a separate root password, use this method.

Sudo requires that you type your own password. (The purpose is to limit the damage if you leave your keyboard unattended and unlocked, and also to ensure that you really wish to run that command and it wasn’t e.g. a typo.) It is often configured to not ask again for a few minutes so you can run several sudo commands in succession.

If you need to run several commands as root, prefix each of them with sudo . Sometimes, it is more convenient to run an interactive shell as root. You can use sudo -i for that:

Instead of sudo -i , you can use sudo -s . The difference is that -i reinitializes the environment to sane defaults, whereas -s uses your configuration files for better or for worse.

For more information, see the sudo website, or type man sudo on your system. Sudo is very configurable; for example it can be configured to let a certain user only execute certain commands as root. Read the sudoers man page for more information; use sudo visudo to edit the sudoers file.

The su command exists on most unix-like systems. It lets you run a command as another user, provided you know that user’s password. When run with no user specified, su will default to the root account.

The command to run must be passed using the -c option. Note that you need quotes so that the command is not parsed by your shell, but passed intact to the root shell that su runs.

To run multiple commands as root, it is more convenient to start an interactive shell.

On some systems, you need to be in group number 0 (called wheel ) to use su . (The point is to limit the damage if the root password is accidentally leaked to someone.)

Logging in as root

If there is a root password set and you are in possession of it, you can simply type root at the login prompt and enter the root password. Be very careful, and avoid running complex applications as root as they might do something you didn’t intend. Logging in directly as root is mainly useful in emergency situations, such as disk failures or when you’ve locked yourself out of your account.

Single User Mode

Single user mode, or run-level 1, also gives you root privileges. This is intended primarily for emergency maintenance situations where booting into a multi-user run-level is not possible. You can boot into single user mode by passing single or emergency on the kernel command line. Note that booting into single-user mode is not the same as booting the system normally and logging in as root. Rather, the system will only start the services defined for run-level 1. Typically, this is the smallest number of services required to have a usable system.

You can also get to single user mode by using the telinit command: telinit 1 ; however, this command requires you to already have gotten root privileges via some other method in order to run.

On many systems booting into single user mode will give the user access to a root shell without prompting for a password. Notably, systemd -based systems will prompt you for the root password when you boot this way.

Other programs

Calife

Calife lets you run commands as another user by typing your own password, if authorized. It is similar to the much more widespread sudo (see above). Calife is more light-weight than sudo but also less configurable.

Op lets you run commands as another user, including root. This not a full-blown tool to run arbitrary commands: you type op followed by a mnemonic configured by the system administrator to run a specific command.

Super

Super lets you run commands as another user, including root. The command must have been allowed by the system administrator.

Running a graphical command as root

PolicyKit (preferred when using GNOME)

Simply prefix your desired command with the command pkexec . Be aware that while this works in most cases, it does not work universally.

See man pkexec for more information.

KdeSu, KdeSudo (preferred when using KDE)

kdesu and kdesudo are graphical front-ends to su and sudo respectively. They allow you to run X Window programs as root with no hassle. They are part of KDE. Type

and enter the root password, or type

and enter your password (if authorized to run sudo ). If you check the “keep password” option in KdeSu, you will only have to type the root password once per login session.

Other programs

Ktsuss (“keep the su simple, stupid”) is a graphical version of su.

Beesu is a graphical front-end to the su command that has replaced Gksu in Red Hat-based operating systems. It has been developed mainly for RHEL and Fedora.

Obsolete methods

gksu and gksudo are graphical front-ends to su and sudo respectively. They allow you to run X Window programs as root with no hassle. They are part of Gnome. Type

and enter the root password, or type

and enter your password (if authorized to run sudo ).

gksu and gksudo are obsolete. They have been replaced by PolicyKit in GNOME, and many distributions (such as Ubuntu) no longer install them by default. You should not depend on them being available or working properly.

Manually via one of the shell-based methods

Use one of the methods in the «running a shell command as root section». You will need to ensure that neither the DISPLAY environment variable nor the XAUTHORITY environment get reset during the transition to root. This may require additional configuration of those methods that is outside the scope of this question.

Overall, this is a bad idea, mostly because graphical applications will read and write configuration files as root, and when you try to use those applications again as your normal user, those applications won’t have permission to read their own configurations.

Editing a file as root

In either case, you will be prompted for the root password. For more information, see the manual page.

Since the question was not Linux specific, here’s how you achieve the same goal in Solaris 9+ (or Trusted Solaris 8):

Solaris, since version 9, has included a suite of tools affectionately referred to as RBAC, or Role Based Access Control.

The gist of RBAC is that through the granting of Authorizations and Rights, to Users and/or Role, or the granting of Roles to Users, you can create incredibly fine grained models for who can run what with which privileges.

Essentially, you identify authorization in /etc/security/auth_attr, then grant them to users or roles in /etc/user_attr.

You define profiles in /etc/security/prof_attr. You then associate commands with those profiles in /etc/security/exec_attr, followed by assigning those profiles to users in the /etc/user_attr file.

Once those things are done, you actually run pfexec to execute the command with privileged or authorizations that are granted to that user for that command.

The nice thing about RBAC is that there are no additional privileges granted to the command itself, or the user, only to the combination of user + command. So it’s safer than making a binary +s, or just using sudo to make a user be able to execute pretty much anything. (I know that you can lock down sudo, but in my experience most people don’t)

Another advantage of RBAC is that you can make root a role account, and assign that role to users who are able to become root with the ‘su’ command and the root password. The root user will also be able to log in in Single User Mode, which is better (in my opinion) than the Linux model where you can disable the root password passwd -d root , or lock the root account passwd -l root , both of which make logging in as root quite hard when something goes wrong.

Ben Rockwood has a great blog post on RBAC that can be read at Using RBAC on (Open)Solaris.

Источник

How to run applications as root?

I am having some strange issue with Kate and Kwrite. When I click on Open File, it crashes with segmentation fault.

I am a complete newbie to Linux, and I think the issue is that I am not running the application as root.

How do I run applications as root in Ubuntu? Is it bad practice to do this? What is the purpose of the whole root thing, where even though we need to use root so frequently, it is not utilized as default?

4 Answers 4

It is pretty simple to run a program as root.

For a console program use

If it is a GUI application use

UNIX-like operating systems (including Linux) use a concept called privilege separation to ensure that the system stays safe. UNIX was designed as a multi-user system from the ground up — that is, it was designed so that many people could use one computer running UNIX at once. Because most users don’t need to be able to modify the core system only the system administrator should have that privilege. That privileged user is traditionally called root. (Root is a lot like Administrator in Windows.)

This makes sense on several levels. Commonly, a web server or other process that exposes a port to other (possibly malicious) computers will run as its own user (Apache runs as the user nobody ), so that even if the web server program is hacked, the attacker can’t trash the entire machine quite so easily. It even makes sense for mostly single-user machines such as desktops: if other members of your family, for example, somehow manage to run rm -rf / (do NOT run that), they won’t have permission to delete every file on the system, like they would if there were no such thing as privilege separation.

There are several commands you can use to elevate your privileges. The sudo command exists to temporarily give you root-level privileges when you need them to administer the system. You can also use the commands gksudo or su . The latter can be used only if you know root’s password and is a good option if your account doesn’t have permission to use sudo .

The root user can do anything on a system, with almost no exceptions. So even if you request something by accident, it will be carried out with little or no warning, even if it’s bad for the health of your system. This is why it’s good practice to do most of your activities as a normal user, and use root only when needed, like when you’re installing a program.

You shouldn’t need to use root to get rid of a segmentation fault. If root is the only thing that fixes a segfault, then the program has a bug. Programs should not fail like that just because they don’t have root.

Источник

How Can I Log In As root User?

Tutorial details
Difficulty level	Easy
Root privileges	Yes
Requirements	su/sudo
Est. reading time	Less than a minute

It is not good a practice for anyone to use root as their normal user account, because of security risks. Therefore, you use a normal user account instead. You need to use the su or sudo command to switch to root user account.

su command

The su command is use to change user ID or become super-user during a login session i.e. it allows you to become a super user or substitute user, spoof user, set user or switch user.

Note: su only works if you know the target or root user’s password.

su command syntax

If invoked without a user-name, su defaults to becoming the super user. The user will be prompted for a password, if appropriate.

To log in as root user type the following command (you need to supply root user account password when prompted):
$ su —
Sample outputs:

Once logged in, your prompt should change from $ to #. To log in as another user say nixcraft, type the following command (you need to supply nixcraft user account password when prompted):
$ su — nixcraft
Sample outputs:

Remote root login over the ssh session

You can use the ssh client as follows:
$ ssh root@server.ip-address-here
$ ssh root@server1.cyberciti.biz
$ ssh root@1.2.3.4
However, remote root login over ssh session is disabled in most cases for security reasons. First, login as a normal user and then switch to root account using the su command:

su command and log files

The su command logs its usage in a system log file. This is useful to find out su login information. If you are RHEL / CentOS / Fedora Linux user type the following as root to see the contents of /var/log/secure:
# tail -f /var/log/secure
Debian / Ubuntu Linux user try:
# tail -f /var/log/auth.log
Sample outputs:

Say hello to sudo command

The sudo is a program for Linux / Apple OS X / *BSD / Unix-like computer operating systems that allows users to run programs with the security privileges of another user, normally the superuser (root). By default, sudo will prompt for a user password but it may be configured to require the root password or no password at all. Apple Mac OS X and Ubuntu Linux and many other oses uses sudo command for many administrative tasks.

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

sudo executes a command as another user but follows a set of rules about which users can execute which commands as which other users. This is configured in a filed named /etc/sudoers. Unlike su, sudo authenticates users against their own password rather than that of the target user. See how to configure and use sudo tool under Linux operating system.

For example, to login as root under Linux or Unix like operating system, type:
$ sudo -s

Sample sudo command session

Fig.01: Switching to root account using sudo command

Sudo and log file

The sudo log can be viewed by issuing the following command as root user:

See also

• Linux Run Command As Another User – Explains how to run run Linux commands as another user or run commands as root user using runuser, su, and sudo utilities.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Category	List of Unix and Linux commands
Documentation	help • mandb • man • pinfo
Disk space analyzers	df • duf • ncdu • pydf
File Management	cat • cp • less • mkdir • more • tree
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Linux Desktop Apps	Skype • Spotify • VLC 3
Modern utilities	bat • exa
Network Utilities	NetHogs • dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtop
Searching	ag • grep • whereis • which
Shell builtins	compgen • echo • printf
Text processing	cut • rev
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

Comments on this entry are closed.

I have installed ubuntu and always log in as user. I have read the HOW TOO’s but I am confused by the comment ‘Make sure you use the root password.’ How can you use a root password when you haven’t got one (I think) because the only password I use is the password I gave when I installed Ubuntu (dapper Drake). Is this a root password also if you say it’s root as time of login. If you have to have a seperate login root password – How do you get it? Thanks john6.

By default, the root account password is locked in Ubuntu. This means that you cannot login as root directly or use the su command to become the root user. However, since the root account physically exists it is still possible to run programs with root-level privileges.

Hmmm, lets see Can not log in as : \ SU Thought Ubuntu is open source The only why you can adjust the Kernel is as root. what they hiddin willis.

opp’s should have read more of the reply’s. but as a openBSD user never really had this issue.

Thank you very much for this help!

To all the latin people…..here is the answer in spanish:

Escriban “su -” para cambiar al root. Les pedira la clave del root.

Escriban “su – gon” para cambiar al usuario llamado gon. Les pedira la clave.

John.
You can change your root password by typing in console” sudo passwd root ” By doing this i had to enter my user password then set a new root password and repeat it.

Baller. That was perfect. Thank you.

thnx. by default there is no password for root, hve to get by typing ”sudo passwd root”.

Thanks for this article and to AIS/fahim for the additional information about how to change the root password! Just what I was looking for.

AIS, thanks a lot

The question is still unanswered.

To login as root is very convenience and very important for some applications. Without it, you may not be able to run those programs at all. Su is good but with great limitation.

So if anyone who know the answer, please help. We do not need advise about workaround.

After 5 minutes of browsing on the Internet, I found it is very easy to make the changes so you can login as root from GUI. This is for Fedora 11:

First, (dangerous?) you must su and login as root then cd to /etc/pam.d
There are two files: gdm and gdm-password. Use your editor and
Comment this statement for both files:

# auth required pam_succeed_if.so user != root quiet

Save and logout. Try login as root. You should be.

After login as root and play around, I found the above changes were not enough. Thanks to my-guides.net, I found the last piece that fixed the problem.

You need to edit another file: /etc/PolicyKit/PolicyKit.conf
and add
between .

That will do the job.

The missing statement between is

Thanks a tonnnnn Gregory. Somehow I could never find the answer for this , instead of getting ridiculed for wanting this. 🙂

Thanks for command “sudo passwd root” !!

you didn’t answer the question!

you condescendingly gave some “best practices” advice, and then proceeded to explain out how to do something else.

I have to agree that the entire tenor of this conversation is offensive. Crossing the street is dangerous, also, but I do it anyway. My mother taught me the risks when I was quite small, as well as how to do it safely. If you really want to keep UBUNTU safe from learning problems, I suggest that you lock down the entire system and send us all to a Windows app.

Instead, please stop insulting all of us who are adults and capable of taking our own risks. I need to open the folder /etc/openvpn using my GUI and add a file to the folder. Stop patronizing me and tell me how to do this please.

I agree whole-heartedly. Uber-geek Linux users can be extremely condescending. I’ve had them to tell me to RTFM. Which one? The “right” one”? The “other” one. The one that applies to my distro? Oh wait, that distro has tons of bugs, but the upcoming distro gives you a workaround. RTFM!
How bout this? FTFM ! FIX it. Fix all the crappy and conflicting documentation. Yeah, this thing is “free”. But when all the wasted time getting things to work is considered, it’s more expensive than products from The Dark Empire. Bottom line is, if you’re going to do something, whether it’s for free or not, do it right and make it work like you say it does. Or don’t do it at all.
You people have a lot of nerve criticizing Windows when you worship a product that is a stone’s throw away from hieroglyphics and documented in glyphs.
Cheers, ubers …

I agree wholeheartedly. I need Linux for a project, but it, and all other Linux distros I’ve used, seems to be dwelling in the past, and the developers delight in their backward approach and to delight in making things difficult. Personally, I think it’s almost up to the Windows 98 point, but not quite there yet….

Источник