Automating the "sudo su - user" command

59,120

Solution 1

I will try and guess what you asked.

If you want to use sudo su - user without a password, you should (if you have the privileges) do the following in your sudoers file:

<yourusername>  ALL = NOPASSWD: /bin/su - <otheruser>

where:

  • <yourusername> is your username :D (saumun89, i.e.)
  • <otheruser> is the user you want to change to

Then put into the script:

sudo /bin/su - <otheruser>

Doing just this won't get subsequent commands run by <otheruser>; it will spawn a new shell. If you want to run another command from within the script as this other user, you should use something like:

 sudo -u <otheruser> <command>

And in sudoers file:

<yourusername>  ALL = (<otheruser>) NOPASSWD: <command>

Obviously, a more generic line like:

<yourusername> ALL = (ALL) NOPASSWD: ALL

will get things done, but would grant the permission to do anything as anyone.

Solution 2

You can use the command

 echo "your_password" | sudo -S [rest of your parameters for sudo]

(Of course without [ and ])

Please note that you should protect your script from read access by unauthorized users. If you want to read the password from a separate file, you can use

  sudo -S [rest of your parameters for sudo] < /etc/sudo_password_file

(Or whatever the name of the password file is, containing the password and a single line break.)

From sudo man page:

   -S          The -S (stdin) option causes sudo to read the password from
               the standard input instead of the terminal device.  The
               password must be followed by a newline character.

Solution 3

When you log in to a shell session via PuTTY or Moba where you have stored the login credentials for a non-root account, simply add this command to be executed upon login by PuTTY or Moba and it will switch your access to root right away.

echo "PASSWORD" | sudo -S su - && sudo su

Solution 4

The easiest way is to make it so that user doesn't have to type a password at all.

You can do that by running visudo, then changing the line that looks like:

someuser  ALL=(ALL) ALL

to

someuser  ALL=(ALL) NOPASSWD: ALL

However, if it's just for one script, it would be more secure to restrict passwordless access to only that script, and remove the (ALL), so they can only run it as root, not any user, e.g.

Cmnd_Alias THESCRIPT = /usr/local/bin/scriptname

someuser  ALL=NOPASSWD: THESCRIPT

Run man 5 sudoers to see all the details in the sudoers man page.
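
An added example (not from any of the answers or from the sudo project): a small Python audit that classifies NOPASSWD rules of the shapes shown in Solutions 1 and 4, from `(ALL) NOPASSWD: ALL` down to a single aliased script. The sample policy, the user names and the `SHELLS` set are constructed assumptions, and only single-line user rules and `Cmnd_Alias` definitions are handled.

```python
import re

# Constructed sample policy, modelled on the rule shapes quoted in the answers above.
SAMPLE = """\
Cmnd_Alias THESCRIPT = /usr/local/bin/scriptname
alice  ALL = (ALL) NOPASSWD: ALL
bob    ALL = (deploy) NOPASSWD: /usr/bin/systemctl restart app
carol  ALL=NOPASSWD: THESCRIPT
dave   ALL = NOPASSWD: /bin/su - deploy
erin   ALL=(ALL) ALL
"""

ALIAS = re.compile(r"^Cmnd_Alias\s+(\w+)\s*=\s*(.+)$")
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")
SHELLS = {"su", "sh", "bash"}  # assumption: binaries treated as "gives a shell"

def audit(text):
    """Return (user, severity, reason) for each NOPASSWD rule in sudoers text."""
    lines = [ln.strip() for ln in text.splitlines()]
    aliases = {}
    for ln in lines:  # first pass: collect Cmnd_Alias definitions
        m = ALIAS.match(ln)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = []
    for ln in lines:  # second pass: classify user rules
        m = RULE.match(ln)
        if ln.startswith(("#", "Cmnd_Alias")) or not m or "NOPASSWD:" not in m.group(4):
            continue
        user, _host, runas, spec = m.groups()
        runas = (runas or "root").split(":")[0].strip()  # no (runas) list means root
        cmds = []
        for c in spec.split("NOPASSWD:", 1)[1].split(","):
            if c.strip():
                cmds.extend(aliases.get(c.strip(), [c.strip()]))  # expand aliases
        if "ALL" in cmds:
            findings.append((user, "high", f"any command as {runas}, no password"))
        elif runas == "ALL":
            findings.append((user, "medium", "listed commands as any user"))
        elif any(c.split()[0].rsplit("/", 1)[-1] in SHELLS for c in cmds):
            findings.append((user, "medium", "opens an interactive shell"))
        else:
            findings.append((user, "scoped", f"{len(cmds)} fixed command(s) as {runas}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Rules without NOPASSWD, such as the `erin` line, are skipped because they still prompt for a password.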


Author: sam

Updated on September 17, 2022

Comments

  • sam
    sam over 1 year

    I want to automate

    sudo su - user 
    

    from a script. It should then ask for a password.

    • user1686
      user1686 over 13 years
      Don't sudo su - user, use sudo -iu user instead. (Easier to manage through sudoers, by the way.)
    • JJ_Australia
      JJ_Australia over 13 years
      How are you able to run sudo su without being able to run sudo visudo?
  • Torian
    Torian over 13 years
    You are out of luck ... you could do this with, let's say, expect, but that would let the password for your user hardcoded somewhere, where people could see it (granted that you set up permissions the right way, it could still be read by root).
  • Nethan
    Nethan over 13 years
    Try using expect. man expect for details.
  • sam
    sam over 13 years
    When the sudo su - user command gets executed, it asks for a password. I want a solution in which the script automatically reads the password from somewhere. I don't have permission to do what you told earlier.
  • sam
    sam over 13 years
    When the sudo su - user command gets executed, it asks for a password. I want a solution in which the script automatically reads the password from somewhere. I don't have permission to edit the sudoers file. I have the permission to store the password in a file. The script should read the password from that file.
  • sam
    sam over 13 years
    I have the permission to store the password in a file. The script should read the password from that file.
  • AlexandruC
    AlexandruC over 9 years
    This actually works for me.
  • Oscar Foley
    Oscar Foley over 8 years
    This is brilliant
  • peterh
    peterh over 4 years
    Welcome to the site! Please explain how it works.
  • Andy
    Andy over 4 years
    When you log in to a shell session via PuTTY or Moba where you have stored the login credentials for a non-root account, simply add this command to be executed upon login by PuTTY or Moba and it will switch your access to root right away.
  • peterh
    peterh over 4 years
    Not in a comment, insert it into your answers. Comments are "secondary citizens", they are only for clarifications and so. The answer has to be a round thing, comprehensible even if all the comments are deleted.
  • Andy
    Andy over 4 years
    Sorry - thx for the clarification ;)