Dictionary of user-switching commands in Linux

Time:2021-6-15

#1: Runuser command
The runuser command runs a shell with a substitute user and group ID. It is only useful when run as root.

It runs only the session PAM hooks and does not prompt for a password. If a non-root user without permission to set the user ID runs it, the command fails because the binary is not setuid. Because runuser does not run the authentication and account PAM hooks, it is lower level than su.

Syntax:

runuser -l userNameHere -c 'command'
runuser -l userNameHere -c '/path/to/command arg1 arg2'

For example, as the root user, you may want to check the shell resource limits of the oracle user:

# runuser -l oracle -c 'ulimit -SHa'

Or check the limits of the nginx or lighttpd web server user:

# runuser -l nginx -c 'ulimit -SHa'

or

# runuser -l lighttpd -c 'ulimit -SHa'

Sometimes root cannot browse NFS-mounted shares because of permission (security) restrictions:

# ls -l /nfs/wwwroot/cyberciti.biz/http

or

# cd /nfs/wwwroot/cyberciti.biz/http

Sample output:

-bash: cd: /nfs/wwwroot/cyberciti.biz/http/: Permission denied

However, the apache user is allowed to browse or access the NFS-based file system mounted at /nfs/wwwroot/cyberciti.biz/http/:

# runuser -l apache -c 'ls -l /nfs/wwwroot/cyberciti.biz/http/'

or

# runuser -l apache -c 'cd /nfs/wwwroot/cyberciti.biz/http/; vi index.php'

The runuser command needs no password and can only be used by the root user.

Available options:

-l: Make the shell a login shell and use the runuser-l PAM file instead of the default one
-g: Specify the primary group
-G: Specify a supplementary group
-c: Command, a single command to pass to the shell
--session-command=COMMAND: Pass a single command to the shell, as with -c, without creating a new session
-m: Do not reset environment variables

#2: su command
The su command lets you become the superuser or another user; the name is variously expanded as substitute user, spoof user, set user or switch user. It lets a Linux user switch from the current user to a target user whose password they know. The switch includes the running console or shell associated with it. Its syntax is as follows:

su -
su - username

Switch to root
The su command asks for the password of the target user. Enter su - at your shell prompt to switch to the root user (you must know the root password):

$ su -

or

$ su - root

Output example:

Password:

If the correct root password is entered, the session switches to the root account. Enter logout to exit the root login shell, and use the whoami or id command to verify the owner of the current session:

whoami

or

id

Run a command as root
The syntax is:

su - root -c "command"

or

su - -c "command arg1"

List the contents of the /root directory, which is normally inaccessible to ordinary users:

su - root -c "ls -l /root"

Note that Linux and some UNIX-like systems have a wheel user group, and only users in this group are allowed to switch to root using su.

Use the su command to run a command as another user
The following command switches to the oracle account and displays its resource limits:

$ su - oracle -c 'ulimit -aHS'

Similarly, if the correct oracle password is provided, the session is owned by the oracle account. su activity is recorded in the system log, generally /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL/CentOS).
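The su entries in those log files can be summarised for review. The script below is an added example, not part of the original article; the sample lines are constructed in the style util-linux su writes to syslog, and the exact wording differs between su implementations and distributions.

```shell
#!/bin/sh
# Added example: summarise su activity from an auth log.

# Constructed sample lines in the util-linux su style; wording varies by distro.
sample_log() {
cat <<'EOF'
Jun 15 10:01:12 host1 su: (to root) alice on pts/0
Jun 15 10:01:12 host1 su: pam_unix(su-l:session): session opened for user root(uid=0) by alice(uid=1000)
Jun 15 10:03:42 host1 su: FAILED SU (to root) bob on pts/1
Jun 15 10:03:55 host1 su: FAILED SU (to root) bob on pts/1
Jun 15 10:05:00 host1 sshd[811]: Accepted publickey for carol from 192.0.2.10 port 50022 ssh2
Jun 15 10:07:19 host1 su[1422]: FAILED SU (to oracle) bob on pts/1
EOF
}

# Read syslog lines on stdin; print "STATUS from_user target_user tty" per su attempt.
su_events() {
  awk '
    $5 ~ /^su(\[[0-9]+\])?:$/ {            # syslog tag "su:" or "su[pid]:"
      status = "OK"; i = 6
      if ($6 == "FAILED" && $7 == "SU") { status = "FAILED"; i = 8 }
      if ($i == "(to" && $(i + 3) == "on") {
        target = $(i + 1); sub(/\)$/, "", target)
        print status, $(i + 2), target, $(i + 4)
      }
    }'
}

# Count failed attempts per "from -> target" pair, for spotting password guessing.
su_failed_counts() {
  su_events | awk '
    $1 == "FAILED" { n[$2 " -> " $3]++ }
    END { for (k in n) print n[k], k }' | sort -k2
}

sample_log | su_failed_counts
```

On a real system, feed the functions the log file for your distribution instead of sample_log, for example su_failed_counts < /var/log/auth.log.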

#3: sudo command
sudo executes a command as another user, following a set of rules about which users may run which commands as which other users. These rules are defined in the file /etc/sudoers. Unlike su, sudo authenticates users with their own password rather than the password of the target user. sudo lets a system administrator delegate authority to run some (or all) commands as root or another user, while providing an audit trail of the commands and their arguments. This allows you to delegate a specified command to a specified user on a specified host without sharing passwords between users. The syntax is as follows:

sudo command
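The script below shows a sudoers fragment with the user, host and command delegation described above, plus a small check that lists rules granting every command. It is an added example, not part of the original article; the user names, host name and paths are constructed, and the parser handles only simple one-line rules.

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant every command.

# Constructed /etc/sudoers-style fragment: user host = (run-as) commands
sample_sudoers() {
cat <<'EOF'
# delegate one command, on one host, to one user
alice   web01 = (root) /usr/bin/systemctl restart nginx
bob     ALL   = (oracle) /usr/bin/sqlplus
carol   ALL   = (ALL) NOPASSWD: ALL
%wheel  ALL   = (ALL) ALL
Defaults logfile=/var/log/sudo.log
EOF
}

# Read sudoers text on stdin; print "who password|nopasswd" for each rule whose
# command list is exactly ALL. Simplified: no aliases, continuations or includes.
sudoers_broad_grants() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings and alias definitions
    {
      eq = index($0, "=")
      if (eq == 0) next
      rhs = substr($0, eq + 1)
      gsub(/\([^)]*\)/, "", rhs)                  # drop (run-as) specifications
      auth = (rhs ~ /NOPASSWD:/) ? "nopasswd" : "password"
      gsub(/[A-Z_]+:/, "", rhs)                   # drop tags such as NOPASSWD:
      gsub(/[ \t]/, "", rhs)
      if (rhs == "ALL") print $1, auth
    }'
}

sample_sudoers | sudoers_broad_grants
```

Edit the real file only through visudo, which checks the syntax before saving.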

GUI tool considerations (GUI front ends for su and sudo)
The gksu command is a front end for su, and gksudo is a front end for sudo. Their main purpose is to run graphical commands that require root privileges without having to open an X terminal emulator and use su directly. The syntax is as follows:

gksu [-u <user>] [options] <command>
gksudo [-u <user>] [options] <command>

Enter only gksu and the following pop-up window will be displayed:

You will then be asked to enter the root password:

You can also run a command directly:

gksu -u root 'ls /root'

Or run a command as the oracle user:

gksu -u oracle 'ulimit -aHS'

Or log in as root:

gksu -u root -l

 
Summary: runuser vs Su vs sudo