How can I get an interactive shell as another non-root user?
Solution 1
Ahmm.. the problem is that the standard shell of those users is normally set to /bin/false and for security reasons you should not change this. But you can still run, for example:
sudo -u www-data /bin/sh
Solution 2
sudo -i runs the shell specified by the password database entry of the target user, which is /bin/false for your system user.
Use
sudo -u some-daemon-user bash
or
sudo -u some-daemon-user -H bash
if you want the $HOME environment variable set for the target user.
Calrion
Updated on September 18, 2022
Comments
-
Calrion over 1 year
I'm using Ubuntu 10.04 LTS server, with the default security model (root locked, using sudo to elevate privileges). I occasionally enjoy using sudo -i when I'll need to run a series of commands with elevated privileges, or when I need to rummage around in directories with root-only privileges.
Sometimes, when setting up software that'll run as its own non-privileged system account (adduser --system --group --no-create-home --disabled-login some-daemon-user) I find that I need to run a sequence of commands as that user, rather than myself or root. I've tried using sudo -i -u some-daemon-user, but it just returns a 1 status without any error message.
I've checked the syslog, messages, auth, and debug log files in /var/log and none of them include any messages that reference sudo or the account in question.
So, is it possible to become another non-root user, sudo-style without just setting a password and logging in (as them)? Is my system 'broken' in some way or am I just doing it wrong?
-
Calrion over 11 years
Can you give more details on the "security reasons"? Is it any different if I use sudo to run a shell as the user, as Florian suggests above?
-
Paul Hänsch over 11 years
The reason is that any attacker accomplishing a login as a system user, i.e. by exploiting a bug in the login program, is less likely to end up with a valid shell. So, you should leave the setting as it is in the /etc/passwd file, even if it's just for good karma. Invoking the shell directly via sudo is unrelated to this.
-
Calrion over 11 years
So the issue is setting a shell in the passwd file, not actually running a shell as the user. Gotcha!
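
The thread above turns on which shell is recorded in the passwd file for a system account. As an added example (not part of the original posts), this script reads passwd-format data, shows the shell that sudo -i would run for a user, and lists system accounts that still have a usable login shell. The sample data, the account names legacy-svc and noshell-svc, and the UID_MIN value of 1000 are assumptions.

```shell
#!/bin/sh
# Added example: audit passwd-format data for system accounts with a usable login shell.
# UID_MIN=1000 is an assumption (Ubuntu's default first regular-user UID).
UID_MIN=1000

# Print the login shell field (7th) of user $1 from passwd-format file $2.
# This is the program `sudo -i -u USER` would try to run. Exit 1 if no such user.
login_shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# List non-root accounts below UID_MIN whose shell is not a known non-login shell.
# An empty shell field defaults to /bin/sh, so it is flagged too.
audit_system_shells() {
    awk -F: -v min="$UID_MIN" '
        /^#/ || NF < 7 { next }
        $3 > 0 && $3 < min {
            sh = ($7 == "") ? "/bin/sh" : $7
            if (sh !~ "/(false|nologin)$") print $1 ":" sh
        }' "$1"
}

# Constructed sample data, not taken from a real system.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
some-daemon-user:x:105:110::/home/some-daemon-user:/bin/false
legacy-svc:x:106:111::/srv/legacy:/bin/bash
noshell-svc:x:107:112::/srv/noshell:
calrion:x:1000:1000:Calrion:/home/calrion:/bin/bash
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    echo "sudo -i would run: $(login_shell_of some-daemon-user "$tmp")"
    echo "system accounts with a usable shell:"
    audit_system_shells "$tmp"
    rm -f "$tmp"
}
demo
```

To check a real host, call audit_system_shells /etc/passwd in place of the sample file.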