How can i run a part of a script as a different user?

Solution 1

I would expect that the script stops at the "su" command because it's prompting for a password and not getting one.

As often multiple solutions for that :)

Instead of "su" use "sudo" which has the -S switch to accept a password from standard input:

echo "password" | sudo -S -u USER1 sh -c "...

Alternatively move that section of your application/script that needs to run as a different user to a helper application. You can then avoid scripting with a stored clear text password (which has some security concerns) by using the set-uid and set-gid on that helper application:

chown USER1.GRP1 helperapp
chmod 6755 helperapp

The risk you run with this is that now anyone on the system can run helperapp as USER1. Instead of using set-uid/gid you can use configure sudo to allow a specific user to run het helperapp as USER1 without a password prompt (this requires admin/root priviliges):

# /etc/sudoers
# Allow USER2 to run helperapp as USER1 without prompting for a password
USER2 ALL=(USER1) NOPASSWD:/path/to/helperapp

your code can then look something like this:

#!/bin/ksh
(some code)
Log=~/my.log
chown USER1 filename

sudo -u USER1  /path/to/helperapp |  tee -a ${Log} 2>&1;

None of this was tested and use at your own peril...

Solution 2

Since you are running su -, you are telling su to run a login shell. A login shell ignored its -c argument and reads commands interactively instead. The solution is to not pass -.

If you want to read the target user's startup file, do that explicitly.

su - USER1 <<EOF
date
if [ -e ~/.profile ]; then . ~/.profile; fi
…
EOF 2>&1 | tee -a -- "$LOG"

Related videos on Youtube