Run a shell script as another user that has no password
Solution 1
You can do that with su or sudo, no need for both.
sudo -H -u otheruser bash -c 'echo "I am $USER, with uid $UID"'
The relevant parts of man sudo:
-H The -H (HOME) option requests that the security policy set
the HOME environment variable to the home directory of the
target user (root by default) as specified by the password
database. Depending on the policy, this may be the default
behavior.
-u user The -u (user) option causes sudo to run the specified
command as a user other than root. To specify a uid
instead of a user name, use #uid. When running commands as
a uid, many shells require that the '#' be escaped with a
backslash ('\'). Security policies may restrict uids to
those listed in the password database. The sudoers policy
allows uids that are not in the password database as long
as the targetpw option is not set. Other security policies
may not support this.
su can only switch user without providing a password if you are root. See Caleb's answer
You can modify the /etc/pam.d/su file to allow su without password. See this answer.
If you modified your auth file to the following, any user that was part of group somegroup could su to otheruser without a password.
auth sufficient pam_rootok.so
auth [success=ignore default=1] pam_succeed_if.so user = otheruser
auth sufficient pam_succeed_if.so use_uid user ingroup somegroup
Then test from terminal
rubo77@local$ su otheruser -c 'echo "hello from $USER"'
hello from otheruser
Solution 2
If you want to use su instead of sudo, I believe you can use something like this:
su - <username> -c "<commands>"
-
-will simulate a login of the specified user -
-ctells it that you want to run a command
ps. Unfortunately I'm not able to install ruby using rvm with this method, but that's probably not related.
Solution 3
The answers above are really useful to me but to answer the actual question...
How can I affirm that the script is really running under that user now?-
Use:
ps -ef | grep <command-name>
The output should include your script and the actual user executing it. People on BSD-like systems, e.g. MAC can find similar information with:
ps aux | grep <command-name>
Solution 4
Make sure you switch to root user with command sudo su and then use the command
su user -s <command>
For example: su www-data -s bin/magento cache:clean
Solution 5
I had the same problem.
Just type in the command screen -dmS testscreen this will create a detached screen on your non-sudo user account and then you can log it and check if this screen is there by screen -ls.
Related videos on Youtube
10 : 16
10 : 38
03 : 01
02 : 04
04 : 46
Comments
-
rubo77 almost 2 years
I would like to run a script from the main ubuntu shell as a different user that has no password.
I have full sudo privileges, so I tried this:
sudo su -c "Your command right here" -s /bin/sh otheruserThen I have to enter my password, but I am not sure if that script is now really running under that user.
How can I confirm that the script is really running under that user now?
-
rubo77 over 9 yearsCan you please add how to do it with just
sutoo? -
IanVaughan almost 9 yearsThis asks me for a password :-(
-
IanVaughan almost 9 yearsI needed to add
sudoto the beginning otherwise it asked me for my password. -
geirha almost 9 years@IanVaughan, With default configuration (of sudo), you will get asked for a password unless you run it as root. You can configure sudo to "allow user A to run cmd C as user B without requiring a password". See help.ubuntu.com/community/Sudoers
-
Nate over 8 yearsI'm prompted for a password when running this as root. Any suggestions?
-
geirha over 8 years@Nate, have you made some changes to the sudoers file. The default configuration allows root to run anything as anyone, without requiring a password.
-
Victor over 8 yearsWIll this change the
HOMEvariable just for the command I run? (meaning that the next ones will be run as before) -
William about 7 yearsDoes this work for GUI applications?
-
Samuel Åslund almost 7 yearsTo use "su" you need the root password, the point of "sudo" is to avoid that. If you have the root password using "su" as above should work fine.
-
xi.lin almost 7 years@Victor Yes, you can try
sudo -H -u user bash -c 'echo ~' -
Dean Howell almost 6 yearsLinux users can use ps aux.
-
Samuel Åslund almost 6 years@DeanHowell; True, but MAC users can not use "ps -ef" and the "ps aux" is BSD options, only available as a compatibility feature while the "ps -ef" is standardized Unix/POSIX options.
-
Nam G VU over 5 yearsThis trigger password prompt for me too - even when I already config it not to with
myuser ALL=NOPASSWD: ALLin sudo visudo -
geirha over 5 years@NamGVU keep in mind that order matters. If your sudoers has a rule further down that sets other permissions for your user, or a group you're a member of, that will override your NOPASSWD rule.
-
Nam G VU over 5 years@geirha Thank u for the warning. My
visudocontent is very short and only a few line definin the NOPASSWD as above. -
ImranRazaKhan about 4 years@geirha sudo -H not working on centos
-
geirha about 4 years@ImranRazaKhan how do you tell it isn't working?
-
PLG over 3 years"unfortunately I'm not able to install ruby using rvm with this method": when I used this command, the resulting path was bare (e.g.,
/bin:/usr/bin), so my command (similar to yourrvm) wasn't found. -
WinEunuuchs2Unix over 3 yearsYou should show the actual line(s) that would be inserted intosudoersfile. -
woodz over 3 yearsand what about switching to a specific group?
-
Nate T over 2 yearsNo simulation involved. Usingsu, you are performing a login.suliterally stands for "switch user".sudolets you mask yourself as the root user, whereassulets you log in as that user (or any user so long as you have the appropriate passwod.) Usingsudo suis like saying "Hey, this is the root account . Could you switch me to the root account?" That said, it still has it's place. -
Mohammed Noureldin over 2 yearsThis is the only solution that worked for me! Thanks! -
rubo77 over 2 yearsCan you elaborate runuser and the double hyphen --?
