Automating the "sudo su - user" command

Question

I want to automate

sudo su - user

from a script. It should then ask for a password.

score 10 · Answer 1 · answered Feb 09 '11 at 11:37

I will try and guess what you asked.

If you want to use sudo su - user without a password, you should (if you have the privileges) do the following on you sudoers file:

<youuser>  ALL = NOPASSWD: /bin/su - <otheruser>

where:

<yourusername> is you username :D (saumun89, i.e.)
<otheruser> is the user you want to change to

Then put into the script:

sudo /bin/su - <otheruser>

Doing just this, won't get subsequent commands get run by <otheruser>, it will spawn a new shell. If you want to run another command from within the script as this other user, you should use something like:

 sudo -u <otheruser> <command>

And in sudoers file:

<yourusername>  ALL = (<otheruser>) NOPASSWD: <command>

Obviously, a more generic line like:

<yourusername> ALL = (ALL) NOPASSWD: ALL

Will get things done, but would grant the permission to do anything as anyone.

score 5 · Answer 2 · edited Feb 25 '12 at 04:25

You can use command

 echo "your_password" | sudo -S [rest of your parameters for sudo]

(Of course without [ and ])

Please note that you should protect your script from read access from unauthorized users. If you want to read password from separate file, you can use

  sudo -S [rest of your parameters for sudo] < /etc/sudo_password_file

(Or whatever is the name of password file, containing password and single line break.)

From sudo man page:

   -S          The -S (stdin) option causes sudo to read the password from
               the standard input instead of the terminal device.  The
               password must be followed by a newline character.

score 1 · Answer 3 · edited Dec 06 '19 at 17:40

1

When you login into a shell session via putty or moba where you have stored the login credentials for a non root account, simply add this command to be executed upon login in by putty or moba and it will switch your access to root right away.

echo "PASSWORD" | sudo -S su - && sudo su

edited Dec 06 '19 at 17:40

peterh

2,782

answered Dec 06 '19 at 17:02

Andy

11

Mikel · Answer 4 · 2011-02-09T11:31:21.060

The easiest way is to make it so that user doesn't have to type a password at all.

You can do that by running visudo, then changing the line that looks like:

someuser  ALL=(ALL) ALL

to

someuser  ALL=(ALL) NOPASSWD: ALL

However if it's just for one script, it would be more secure to restrict passwordless access to only that script, and remove the (ALL), so they can only run it as root, not any user , e.g.

Cmnd_Alias THESCRIPT = /usr/local/bin/scriptname

someuser  ALL=NOPASSWD: THESCRIPT

Run man 5 sudoers to see all the details in the sudoers man page.

score 0 · Answer 5 · answered Feb 14 '20 at 15:01

Alternately you can use python pudo package: https://pypi.org/project/pudo/1.0.0/

Installation:

user$ sudo -H pip3 install pudo # you can install using pip2 also

Below is the code snippit for using in python automation for running cmds under root privilege::

user$ python3 # or python2
>>> import pudo
>>> (ret, out) = pudo.run(('ls', '/root')) # or pudo.run('ls /root')
>>> print(ret)
>>> 0
>>> print(out)
>>> b'Desktop\nDownloads\nPictures\nMusic\n'

Below is the cmd example for running cmds under root privilege

user$ pudo ls /root
Desktop  Downloads  Pictures  Music

Automating the "sudo su - user" command

5 Answers5

Linked

Related