According to sudo manual:
By default, sudo does not modify HOME
It means that when your run sudo -u <dummy user> <command>
, HOME is unchanged and point to the invoking user home directory. More precisely, the entire environment remains unchanged, and the command is executed, therefore, in the environment of the user who invoked sudo
. Only uid
is changed and when command try to write in $HOME
it has not right permission.
In order to run command as <dummy user>
without being prompt for the password and have the right environment, you should create a simple file:
sudo visudo -f /etc/sudoers.d/myOverrides
with this directive:
<user> ALL= NOPASSWD:/bin/su
That allow <user>
to run su
command as root without being prompt for password (<user>
password) and running su
as root doesn't require to enter the target user's password (<dummy user>
in this case).
sudo su - <dummy user> -c /path/to/chromium-browser
Another better approach, change /etc/sudoers.d/myOverrides
with:
<user> ALL= (<dummy user>) NOPASSWD:/path/to/chromium-browser
this allow <user>
to run /path/to/chromium-browser
as <dummy user>
without being prompt for password.
sudo -u <dummy user> -i /path/to/chromium-browser
where -i option, according to sudo manual:
The -i (simulate initial login) option runs the shell specified in the
passwd(5) entry of the target user as a login shell. This means that
login-specific resource files such as .profile or .login will be read
by the shell. If a command is specified, it is passed to the shell
for execution. Otherwise, an interactive shell is executed. sudo
attempts to change to that user’s home directory before running the
shell. It also initializes the environment, leaving DISPLAY and TERM
unchanged, setting HOME, SHELL, USER, LOGNAME, and PATH, as well as
the contents of /etc/environment on Linux and AIX systems. All other
environment variables are removed.
Best Answer
Create a file with the required
NOPASSWD
line and drop it into/etc/sudoers.d
. To verify the correctness of the file, usevisudo
to create it:Then use
scp
or whatever means of control you use to send the files to the target systems.sudoers.d
files are read in lexicographic order, so use some numbering like00-something
,99-most-important
, etc. (like in/etc/grub.d/
) to make ordering easier.