Run a shell script as another user that has no password


Dear nixCraft,

I just want to know how to run Linux commands as another user or as root user?

Confused About Linux commands.

Dear Confused,

You can use the following commands to run as another user or as root user.

#1: runuser command

The runuser command run a shell with substitute user and group IDs. This command is useful only when run as the root user:

Only session PAM hooks are run, and there is no password prompt. If run as a non-root user without privilege to set user ID, the command will fail as the binary is not setuid. As runuser doesn’t run auth and account PAM hooks, it runs with lower overhead than su.

The syntax is:

For example, as a root user you may want to check shell resource limits for oracle user, enter:
# runuser -l oracle -c 'ulimit -SHa'
OR check nginx or lighttpd web server limitations:
# runuser -l nginx -c 'ulimit -SHa'
# runuser -l lighttpd -c...

0 0
0 0

The term “shell scripting” gets mentioned often in Linux forums, but many users aren’t familiar with it. Learning this easy and powerful programming method can help you save time, learn the command-line better, and banish tedious file management tasks.

What Is Shell Scripting?

Being a Linux user means you play around with the command-line. Like it or not, there are just some things that are done much more easily via this interface than by pointing and clicking. The more you use and learn the command-line, the more you see its potential. Well, the command-line itself is a program: the shell. Most Linux distros today use Bash, and this is what you’re really entering commands into.

Now, some of you who used Windows before using Linux may remember batch files. These were little text files that you could fill with commands to execute and Windows would run them in turn. It was a clever and neat way to get some things done, like run games in your high school...

0 0


sudo, sudoedit - execute a command as another user


sudo -h | -K | -k | -V

sudo -v [-AknS] [-g group name | #gid] [-p prompt] [-u user name | #uid]

sudo -l[l] [-AknS] [-g group name | #gid] [-p prompt] [-U user name] [-u user name | #uid] [command]

sudo [-AbEHnPS] [-C fd] [-g group name | #gid] [-p prompt] [-r role] [-t type] [-u user name | #uid] [VAR=value] -i | -s [command]

sudoedit [-AnS] [-C fd] [-g group name | #gid] [-p prompt] [-u user name | #uid] file ...


sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy.

sudo supports a plugin architecture for security policies and input/output logging. Third parties can develop and distribute their own policy and I/O logging plugins to work seamlessly with the sudo front end. The default security policy is sudoers, which is configured via the file /etc/sudoers, or via...

0 0

I have a script named "als" that parses the aliases in a user's .bashrc file that I'd like to run for any user logging in via SSH.

This should display similar to a Message of the day (MOTD) banner. MOTD banners are static data though.

Here's the code.

#!/bin/bash echo echo Your aliases: echo \(from ~/.bashrc\) echo cat .bashrc | egrep 'alias.+\=' | tr -s [:space:] | sed 's_^ alias_alias_' | sed 's_alias__' | sort | sed 's_=_\t\t_' | sed 's_^ __'

It works if I append ./als to my ~/.profile file, but this only executes for me. Again, I'd like this to run for all users on shell login

Other Tips. How do you show a hidden folder (specifically .minecraft) in Ubuntu 14.04? I am somewhat new to Ubuntu 14.04 and can't seem to find the "view" menu. Maximize the folder . Go to the top menu -->View->Show hidden files: Or by pressing ctrl + H For permanently show hidden files, you can Edit>Preferences as below: By terminal you should : cd...

0 0

Recipe 5.1 Running a root Login Shell

5.1.1 Problem

While logged in as a normal user, you need to run programs with root privileges as if root had logged in.

5.1.2 Solution

$ su -

5.1.3 Discussion

This recipe might seem trivial, but some Linux users don't realize that su alone does not create a full root environment. Rather, it runs a root shell but leaves the original user's environment largely intact. Important environment variables such as USER, MAIL, and PWD can remain unchanged.

su - (or equivalently, su -l or su —login) runs a login shell, clearing the original user's environment and running all the startup scripts in ~root that would be run on login (e.g., .bash_profile).

Look what changes in your environment when you run su:

$ env > /tmp/env.user $ su # env > /tmp/env.rootshell # diff /tmp/env.user /tmp/env.rootshell # exit

Now compare the environment of a root shell and a root login shell:

$ su...
0 0


Say I am running a script using my user id csaha. How can I run any specific command in the same sctipr using any other user id (say root). Definitely I have the password of root. Any idea how the same can be achieved ???


I need to run a script using my id (csaha) only on csaha dir, but needs to access few files in stadby dir (as shown below ).

Clearly visible I need to give +rx permission (i.e. need to run "chmod +rx standby") before that using my script and root userid and want to revert back once the script is complete.

[csaha@server-a home]# ls -ltr
drwxr-xr-x 4 csaha perforce 4096 Feb 15 20:12 csaha
drwx------ 54 perforce perforce 4096 Feb 16 03:05 standby

Thanks a lot to all in advance

0 0

I have a script that runs lots and lots of root commands, copying files in /usr/...stuff like that, then i want to switch users back to the original user and run some gconf tweaks, I need to update a series of gconf values for a user after copying all the root files, but I noticed once your in root, any gconf values you change, change roots information, not the user who started the script useing sudo. So i was wondering how you would run a script as root, then after your done with all the root commands, "un-root" to the current user who started the script and run the gconf edits: I put together this so far. It a script that you run, it detects if it was started as root and if not it asks for root password and re-spawns its self exiting out the first instance, then the script runs, switches to the original user after all files are copyed over and starts to run the Military Time custom format update. Code: OUSER="`whoami`" if [ "$(id -u)" != "0" ]; then...

0 0
0 0
ox1d0 has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks Sorry for my babyperl , I had happy perl learning, but I find a little Wtf! issue. I try to get db2versions, db2instances and list of data bases without modules. I have The "root powEr!" but When I trying "su - $user -c 'command to get DB list' " I get some like this.

Product instance full path /opt/wheredb2/Version Current instance Userid

but the command doesn't execute

This is my code ...

use warnings; use diagnostics; use strict; use 5.010; use Cwd; use DB2::Admin::Constants; ############################## + + + + ###Get Version and instances## + + + + ...

0 0

You can do that with su or sudo, no need for both.

sudo -H -u otheruser bash -c 'echo "I am $USER, with uid $UID"'

The relevant parts of man sudo:

-H The -H (HOME) option requests that the security policy set the HOME environment variable to the home directory of the target user (root by default) as specified by the password database. Depending on the policy, this may be the default behavior.


-u user The -u (user) option causes sudo to run the specified command as a user other than root. To specify a uid instead of a user name, use #uid. When running commands as a uid, many shells require that the '#' be escaped with a backslash ('\'). Security policies may restrict uids to those listed in the password database. The sudoers policy allows uids that are not in the password database as long as the targetpw option is not set. Other security policies ...
0 0

In the file you put in /etc/init.d/ you have to set it executable with:

chmod +x /etc/init.d/start_my_app

Thanks to @meetamit, if this does not run you have to create a symlink to /etc/rc.d/

ln -s /etc/init.d/start_my_app /etc/rc.d/

Please note that on latest Debian, this will not work as your script have to be LSB compliant (provide, at least, the following actions: start, stop, restart, force-reload, and status):

As a note, you should put the absolute path of your script instead of a relative one, it may solves unexpected issues:


And don't forget to add on top of that file:

0 0

You can override by enabling Password less authentication. But you should install keys (pub, priv) before going for that.

Execute the following commands at local server.

Local $> ssh-keygen -t rsa

Press ENTER for all options prompted. No values need to be typed.

Local $> cd .ssh Local $> scp .ssh/ user@targetmachine: Prompts for pwd$> ENTERPASSWORD

Connect to remote server using the following command

Local $> ssh user@targetmachine Prompts for pwd$> ENTERPASSWORD

Execute the following commands at remote server

Remote $> mkdir .ssh Remote $> chmod 700 .ssh Remote $> cat >> .ssh/authorized_keys Remote $> chmod 600 .ssh/authorized_keys Remote $> exit

Execute the following command at local server to test password-less authentication. It should be connected without password.

$> ssh...
0 0
Hi, Sorry for putting this question in the wrong forum. Thanks for the detailed analysis and help. All the points mentioned by you are good and I have followed them. The only discrepancy I find is the user that my oracle proc uses when it tries to execute the shell script. in place of RUN_CMD('/home/ora11gr2/script/'); i have tried to fire RUN_CMD('/bin/env '); The output is : ************************************************ __CLSAGFW_TYPE_NAME=ora.service.type ORA_CRS_HOME=/oracle/grid/ TERM=xterm SHELL=/bin/bash __CRSD_CONNECT_STR=(ADDRESS=(PROTOCOL=IPC)(KEY=CRSD_IPC_SOCKET_11)) HISTSIZE=1000 NLS_LANG=AMERICAN_AMERICA.AL32UTF8 CRF_HOME=/oracle/grid/ GIPCD_PASSTHROUGH=false...
0 0

You need to use : "$@" (WITH the quotes) or "${@}" (same, but also telling the shell where the variable name starts and ends).

(and do NOT use : $@, or "$*", or $*).


#testscript1: echo "TestScript1 Arguments:" for an_arg in "$@" ; do echo "${an_arg}" done echo "nb of args: $#" ./testscript2 "$@" #invokes testscript2 with the same arguments we received

I'm not sure I understood your other requirement ( you want to invoke './testscript2' in single quotes?) so here are 2 wild guesses (changing the last line above) :

'./testscript2' "$@" #only makes sense if "/path/to/testscript2" containes spaces? ./testscript2 '"some thing" "another"' "$var" "$var2" #3 args to testscript2

Please give me the exact thing you are trying to do

edit: after his comment saying he attempts tesscript1 "$1" "$2" "$3" "$4" "$5" "$6" to run : salt 'remote host' './testscript2 $1 $2 $3 $4 $5 $6'

You have many levels of intermediate: testscript1 on host 1,...

0 0