52

Is there a way to make part of a script run as a different (non-root) user? If it helps , the part to be run as a different user occurs at the end of the script

Edit :
OS -> Ubuntu 9.04

Manish Mathai
  • 849
  • 2
  • 8
  • 12
  • 1
    possible duplicate of [Howto switch / chage user id witin a bash script to execute commands in the same script?](http://superuser.com/questions/468161/howto-switch-chage-user-id-witin-a-bash-script-to-execute-commands-in-the-same) – Dan Dascalescu Jul 11 '14 at 10:35

6 Answers6

57

Use the sudo command in the script.

In the form:

sudo -u username command

the sudo command runs command as the user username.

If the script is being run as root, I don't think it will prompt for a password. Otherwise, this article discusses how to use sudo with password in one command line?, and this article discusses how to use sudo without password?

Community
  • 1
pcapademic
  • 3,711
  • 3
  • 31
  • 30
12

# I=like:

#test if running bash as a different user works
sudo -u nobody bash -c : && RUNAS="sudo -u nobody"

echo 1: $USER

#Runs bash with commands between '_' as nobody if possible
$RUNAS bash<<_
echo 2: \$USER
_

echo 3: $USER

# ./run

1: root
2: nobody
3: root
AXE Labs
  • 777
  • 1
  • 6
  • 12
8

This answer is good, but the serverfault advice is slightly dangerous - would allow anyone to run anything as root! So I'm posting here because I can't format the comment.

I would recommend using visudo to give the permissions you need as precisely as you can. Type visudo and add a line like:

username hostname = NOPASSWD: /full/path/to/command1, full/path/to/command2

If you do need to run this same thing on many hosts, you could open it up with:

username ALL = NOPASSWD: /full/path/to/command1, full/path/to/command2

But I would **not* use either:

username ALL=(ALL) NOPASSWD: ALL

or username hostname = ALL

The sudoer man page has lots of gory details

Community
  • 1
DaveParillo
  • 14,505
  • 1
  • 39
  • 46
  • Would it work for a command available to a particular user only ? – Manish Mathai Jan 09 '10 at 09:42
  • You can specify that only particular users can run the command (in the examples above, replace `username` with the username who should be able to run the command). If the executable you want to run is only executable by one particular user, that's fine too - just pass that username in the `sudo -u username commandline` line of the script. – James Polley Jan 09 '10 at 10:31
  • @Manish. Yes. What the sudoers file says is "Allow this username on this host to run command1 without having to provide a password. – DaveParillo Jan 09 '10 at 17:23
4

For sonarqube:

sudo -u sonar /usr/bin/sonar start

where sonar is the name of user used to run the command /usr/bin/sonar start

Community
  • 1
burtsevyg
  • 227
  • 2
  • 3
4

This way, end of a script will be executed by different user (root). Please note the $[LINENO+2] and exit $? calls. These are required to make the end of the script to execute just once and to preserve the exit code of the sudo call.

#!/bin/bash                                                                                                                                                                                                                                  
echo $USER                                                                                                                                                                                                                                      

# pipe the rest of this script via a sudo call                                                                                                                                                                                                                                         
tail -n +$[LINENO+2] $0 | exec sudo bash                                                                                                                                                                                                     
exit $?                                                                                                                                                                                                                                     
echo $USER
exit 1
dparalen
  • 41
  • 2
2

not so sure about it, but if you want that ONLY the end of that script will run as a different user, you could add su someuser before the end of the script.

Am I missing something?

Hope that helps,

Regards

dag729
  • 1,944
  • 3
  • 21
  • 35
  • 1
    I think this is the most appropriate answer, having all other answers suggesting sudo, which is often not installed by default on some minimal linux installations. – Tim Jan 07 '18 at 03:04
  • 5
    `su someuser` will start a new shell, it won't execute the rest of the script. – Just a student Feb 14 '20 at 15:43
  • 1
    Yeah this won't work, it'll just go into a new shell then do nothing forever, the rest of the script won't be executed – Shardj Jan 25 '22 at 12:43