How can I get an interactive shell as another non-root user?


Solution 1

Ahmm... the problem is that the standard shell of those users is normally set to /bin/false, and for security reasons you should not change this. But you can still run, for example:

 sudo -u www-data /bin/sh

Solution 2

sudo -i runs the shell specified by the password database entry of the target user, which is /bin/false for your system user.

Use

 sudo -u some-daemon-user bash

or

 sudo -u some-daemon-user -H bash

if you want the $HOME environment variable set for the target user.
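As an added example (not part of either answer), this sh script applies the point from Solution 2 and the comments: it reads the login shell from passwd-format data, picks the sudo form that actually yields a shell, and lists system accounts whose passwd entry still has a usable login shell. The passwd lines are constructed sample data; the function names, the `legacy-svc` account and the 1..999 system-UID range are assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/bin/false
some-daemon-user:x:105:110::/home/some-daemon-user:/bin/false
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
legacy-svc:x:106:111::/srv/legacy:/bin/bash
calrion:x:1000:1000:,,,:/home/calrion:/bin/bash'

# Assumption: UIDs 1..999 are system accounts (Debian/Ubuntu default range).
SYS_UID_MAX=999

# Print field 7 (login shell) for user $1 from passwd-format text on stdin.
login_shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }'
}

# Succeed if shell $1 refuses interactive logins.
is_nologin_shell() {
    case "$1" in
        /bin/false|/usr/bin/false|/sbin/nologin|/usr/sbin/nologin) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the sudo invocation that gives a shell as user $1 without editing passwd.
shell_command_for() {
    sh_path=$(printf '%s\n' "$SAMPLE_PASSWD" | login_shell_of "$1") || return 1
    if is_nologin_shell "$sh_path"; then
        # sudo -i would run the passwd shell, which exits at once: name a shell.
        echo "sudo -u $1 -H bash"
    else
        echo "sudo -i -u $1"
    fi
}

# List system accounts whose passwd entry still carries a usable login shell.
system_accounts_with_login_shell() {
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v max="$SYS_UID_MAX" '
        $3 >= 1 && $3 <= max && $7 !~ /(\/false|\/nologin)$/ { print $1 }'
}

for u in www-data some-daemon-user calrion; do
    printf '%-18s %s\n' "$u" "$(shell_command_for "$u")"
done
echo "system accounts with a login shell: $(system_accounts_with_login_shell)"
```

To check a live host instead of the sample, feed the functions the output of `getent passwd`.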


Author: Calrion

Updated on September 18, 2022

Comments

  • Calrion over 1 year

    I'm using Ubuntu 10.04 LTS server, with the default security model (root locked, using sudo to elevate privileges). I occasionally enjoy using sudo -i when I'll need to run a series of commands with elevated privileges, or when I need to rummage around in directories with root-only privileges.

    Sometimes, when setting up software that'll run as its own non-privileged system account (adduser --system --group --no-create-home --disabled-login some-daemon-user) I find that I need to run a sequence of commands as that user, rather than myself or root. I've tried using sudo -i -u some-daemon-user, but it just returns a 1 status without any error message.

    I've checked the syslog, messages, auth, and debug log files in /var/log and none of them include any messages that reference sudo or the account in question.

    So, is it possible to become another non-root user, sudo-style without just setting a password and logging in (as them)? Is my system 'broken' in some way or am I just doing it wrong?

  • Calrion over 11 years
    Can you give more details on the "security reasons"? Is it any different if I use sudo to run a shell as the user, as Florian suggests above?
  • Paul Hänsch over 11 years
    The reason is that any attacker accomplishing a login as a system user, i.e. by exploiting a bug in the login program, is less likely to end up with a valid shell. So, you should leave the setting as it is in the /etc/passwd file, even if it's just for good karma. Invoking the shell directly via sudo is unrelated to this.
  • Calrion over 11 years
    So the issue is setting a shell in the passwd file, not actually running a shell as the user. Gotcha!