58

I am in Ubuntu 9.04. Is there a way to make part of a script run as a different (non-root) user? If it helps, the part to be run as a different user occurs at the end of the script.

Giacomo1968
  • 58,727

8 Answers

63

Use the sudo command in the script.

In the form:

sudo -u username command

the sudo command runs command as the user username.

If the script is being run as root, I don't think it will prompt for a password. Otherwise, this article discusses how to use sudo with password in one command line?, and this article discusses how to use sudo without password?

pcapademic
  • 3,821
13

# I=like:

#test if running bash as a different user works
sudo -u nobody bash -c : && RUNAS="sudo -u nobody"

echo 1: $USER

#Runs bash with commands between '_' as nobody if possible
$RUNAS bash<<_
echo 2: \$USER
_

echo 3: $USER

# ./run

1: root
2: nobody
3: root
AXE Labs
  • 857
8

This answer is good, but the serverfault advice is slightly dangerous - would allow anyone to run anything as root! So I'm posting here because I can't format the comment.

I would recommend using visudo to give the permissions you need as precisely as you can. Type visudo and add a line like:

username hostname = NOPASSWD: /full/path/to/command1, /full/path/to/command2

If you do need to run this same thing on many hosts, you could open it up with:

username ALL = NOPASSWD: /full/path/to/command1, /full/path/to/command2

But I would **not** use either:

username ALL=(ALL) NOPASSWD: ALL

or

username hostname = ALL

The sudoers man page has lots of gory details.

DaveParillo
  • 14,761
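
A check for the sudoers rules discussed in the answer above, as an added example that is not part of the original answer: it reads rules on stdin and flags any that grant ALL commands or name a command without a full path. The function name `audit_sudoers`, the user `deploy` and the host `web01` are hypothetical, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Prints one finding per risky rule read from stdin: "<lineno>: <reason>".
audit_sudoers() {
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Skip blanks, comments, Defaults and alias definitions.
        case "$line" in
            ''|'#'*|Defaults*|*_Alias*) continue ;;
        esac
        # Only user specifications contain '='; the part after the
        # first '=' is "(runas) TAG: command, command, ...".
        case "$line" in
            *=*) spec=${line#*=} ;;
            *) continue ;;
        esac
        # Drop an optional "(runas)" prefix and tags such as NOPASSWD:,
        # then examine each comma-separated command on its own line.
        printf '%s\n' "$spec" |
            sed -e 's/^[[:space:]]*([^)]*)//' -e 's/[[:upper:]_]*://g' |
            tr ',' '\n' |
            while read -r cmd; do
                case "$cmd" in
                    ALL) echo "$lineno: grants ALL commands" ;;
                    ''|/*|sudoedit*) ;;   # empty, full path or sudoedit
                    [[:upper:]]*) ;;      # alias reference: review its definition
                    *) echo "$lineno: command is not a full path: $cmd" ;;
                esac
            done
    done
}

# Constructed sample rules ("deploy" and "web01" are hypothetical names).
audit_sudoers <<'EOF'
deploy web01 = NOPASSWD: /usr/bin/systemctl restart app
deploy ALL=(ALL) NOPASSWD: ALL
deploy web01 = ALL
EOF
```

Run `visudo -c` as well; it checks the file's syntax, which this check does not.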
7

This way, the end of the script will be executed by a different user (root). Please note the $[LINENO+2] and exit $? calls. These are required to make the end of the script execute just once and to preserve the exit code of the sudo call.

#!/bin/bash
echo $USER

# pipe the rest of this script via a sudo call
tail -n +$[LINENO+2] "$0" | exec sudo bash
exit $?
echo $USER
exit 1
4

For sonarqube:

sudo -u sonar /usr/bin/sonar start

where sonar is the name of the user used to run the command /usr/bin/sonar start.

burtsevyg
  • 227
3

Not so sure about it, but if you want ONLY the end of that script to run as a different user, you could add su someuser before the end of the script.

Am I missing something?

Hope that helps,

Regards

dag729
  • 1,964
1

I had a similar need to the OP: I had a good-sized shell script that needs to be run as root, but a good portion of which I need to have run as another user. My solution was to put the entire contents of the script (both the part that needs to be run by root, and the part that needs to be run as "other_user") in an if/elif block:

if [ "$USER" = "other_user" ]
then
   ## Run commands as user other_user
   :
   exit
elif [ "$USER" = "root" ]
then
   ## Run some commands as root
   :
   ## Next, run this script as other_user
   sudo -i -u other_user "$0" "$@"
   ## Then run more commands as root
   :
else
   ## Nobody else should run this script
   echo "Permission denied"
   exit 1
fi

1

OMG! There is a runuser command in the GNU/Linux package util-linux.

Examples:

runuser -l <user_name> -c 'echo "running as: $USER, with home dir: $HOME"'

With a specific shell and some vars from the root context:

runuser -l <user_name> -s /bin/bash -c 'diff -q "'$file1'" "'$file2'"' &>/dev/null