How to switch to different user inside a shell script and execute some command with the new user?


It's not a good idea to store passwords in scripts, or attempt to stream them into su. The better approach is to use sudo.

Since you're allowing USER1 to act as USER2 without a password, you can set up /etc/sudoers like this:

USER1 localhost=(USER2) NOPASSWD: ALL

Then you can invoke sudo as USER1 as follows:

sudo -u USER2 bash

If you want to lock it down a bit more, you can specify a script that the user is allowed to execute. The line in /etc/sudoers might look like:

USER1 localhost=(USER2) NOPASSWD: /home/USER1/setup.sh

And you would call:

sudo -u USER2 /home/USER1/setup.sh

Note in this last example, I think that USER2 would need to have an actual shell configured in /etc/passwd (i.e. NOT /bin/false).
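The locked-down variant above leaves one thing to the reader: the script named in sudoers is only as trustworthy as its file permissions, because sudo matches the command by path and anyone who can edit that file runs whatever they like as USER2. The following is an added example (my code, not part of the original answer) that prints the sudoers line the answer describes and refuses a delegated script that is relative, missing, or group/world-writable. USER1, USER2 and /home/USER1/setup.sh are the placeholders from the question; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Builds the sudoers fragment
# that lets USER1 run one fixed script as USER2 without a password and
# checks that the script is safe to delegate. USER1, USER2 and
# /home/USER1/setup.sh are the question's placeholders; function names are mine.

# Print the single sudoers line that delegates one script.
#   $1 = calling user, $2 = target user, $3 = absolute path of the script
sudoers_fragment() {
    printf '%s localhost=(%s) NOPASSWD: %s\n' "$1" "$2" "$3"
}

# Return 0 only if the script may safely be listed with NOPASSWD.
# sudo matches the command by path, so the path must be absolute, and the
# file must not be writable by group or others: whoever can edit it can run
# arbitrary commands as the target user.
delegated_script_ok() {
    script=$1
    case $script in
        /*) ;;
        *)  echo "refusing relative path: $script" >&2; return 1 ;;
    esac
    if [ ! -f "$script" ]; then
        echo "not a regular file: $script" >&2
        return 1
    fi
    # find prints the path only if a group- or other-write bit is set
    if [ -n "$(find "$script" \( -perm -g+w -o -perm -o+w \) 2>/dev/null)" ]; then
        echo "script is group- or world-writable: $script" >&2
        return 1
    fi
    return 0
}

# Demo: run with --demo on a host where /home/USER1/setup.sh exists.
# The printed line goes into a file under /etc/sudoers.d/ (root-owned,
# mode 0440) and should be syntax-checked with `visudo -cf FILE` first.
# USER1 then calls exactly what the answer shows:
#   sudo -u USER2 /home/USER1/setup.sh
if [ "${1:-}" = "--demo" ]; then
    if delegated_script_ok /home/USER1/setup.sh; then
        sudoers_fragment USER1 USER2 /home/USER1/setup.sh
    fi
fi
```

The check is deliberately stricter than sudo itself, which will happily run a writable script; the point is to catch the misconfiguration before it is installed rather than after USER1's account is compromised.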

Author: Rohith, updated on June 04, 2022

Comments

  • Rohith (almost 2 years):

    I am currently logged into "SERVER1" as user "USER1", and I have placed my bash script here. This script has to switch to a different user "USER2" on the same server "SERVER1" and execute some commands as the newly switched user.

    Note: USER1 is not a root user, so I need to specify the USER2 password inside the script, but in an encrypted format.

    Please help me in achieving this..!

    #!/bin/bash
    
    # commands run as USER1
    command1
    command2
    # ...
    
    # intended switch to USER2; the here-document needs its EOF terminator
    echo "PASSWORD" | su USER2 << EOF
    command1
    command2
    # ...
    EOF
    

    Please note, I don't want to change any configuration files here to achieve this.

  • Rohith (over 7 years):
    Ya.. I know this. I was just trying to get it done without touching the /etc/sudoers file, as I am not a root user who can edit it. Thanks for the reply..!
  • Jonathan Leffler (over 7 years):
    @Rohith: If there are painful limitations like "I can't add anything to /etc/sudoers", then you should list them in the question so that people can avoid giving you the obvious sensible answer when it doesn't meet your requirements because of the limitations. (There's also a difference between "don't want to" and "do not have permission to" w.r.t "edit configuration files".) If you can't hack /etc/sudoers, you may need to explore expect in combination with su or something similarly devious. That's not a good solution; it might be a better solution, though.
  • paddy (over 7 years):
    If you don't have root privileges on that system, then what business do you have executing commands as another user?
  • Rohith (over 7 years):
    @JonathanLeffler: Sure will try that.
  • Rohith (over 7 years):
    @paddy: I am from the Automation Team; I don't have root privileges on the PROD servers, the SysAdmins do. They might not agree to edit /etc/sudoers, will check with them. Thanks..!
  • paddy (over 7 years):
    sudo is definitely a better option. A grungier option would be to use ssh along with ~/.ssh/config to allow password-free sessions.