Ubuntu – How to get an interactive shell as another non-root user

privilegessudo

I'm using Ubuntu 10.04 LTS server, with the default security model (root locked, using sudo to elevate privileges). I occasionally enjoy using sudo -i when I'll need to run a series of commands with elevated privileges, or when I need to rummage around in directories with root-only privileges.

Sometimes, when setting up software that'll run as its own non-privileged system account (adduser --system --group --no-create-home --disabled-login some-daemon-user) I find that I need to run a sequence of commands as that user, rather than myself or root. I've tried using sudo -i -u some-daemon-user, but it just returns a 1 status without any error message.

I've checked the syslog, messages, auth, and debug log files in /var/log and none of them include any messages that reference sudo or the account in question.

So, is it possible to become another non-root user, sudo-style without just setting a password and logging in (as them)? Is my system 'broken' in some way or am I just doing it wrong?

Best Answer

Ahmm.. the problem is that the standard shell of those users is normally set to /bin/false and for security reasons you should not change this. But you can still run for example: sudo -u www-data /bin/sh

Related Solutions

Bash – How to Create a User with Root Privileges

Haven't tried it but this should create a new user and add them to the sudo group, which if your /etc/sudoers is as default, should mean they're allowed to use sudo with their password (just like the standard first user):

sudo adduser --group sudo newusername

If you've already created the user, you can just run:

sudo adduser existing_user sudo

man adduser will show you some of the other billion permutations and combinations of arguments this tool has.

Note: If you use Ubuntu 11.10 or older, you should use the admin group instead of sudo.

How to Run Commands as Non-Root User in Root-Permission Script

If you start your script with root permissions but need to run certain commands as a specific non-root user you can use sudo with the -u option to either run a single command with e.g.

sudo -u USERNAME whoami # outputs USERNAME's user name

or start a subshell and run your commands in it, e.g.:

sudo -u USERNAME bash -c 'whoami;echo $USER' # outputs USERNAME's user name twice

The line in your script doesn't fail actually, you just run only bash as user meteor, and as bash has nothing to do it just exits and the original root shell runs the rest of the script. What you actually want to do (I suppose) is:

…
echo "Trying sudo -u meteor bash"
sudo -u meteor bash -c '\
  echo "$ whoami" && whoami && echo "^^^^^^ meteor expected"
  curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.6/install.sh |\
  bash
'
echo "ls -al /home/meteor/.nvm # should be populated"
…

Another way to achieve the same is a here document:

…
echo "Trying sudo -u meteor bash"
sudo -u meteor bash <<EOF
  echo "$ whoami" && whoami && echo "^^^^^^ meteor expected"
  curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.6/install.sh |\
  bash
EOF
echo "ls -al /home/meteor/.nvm # should be populated"
…

Best Answer

Related Solutions

Bash – How to Create a User with Root Privileges

How to Run Commands as Non-Root User in Root-Permission Script

Related Question