How to run commands as another user in Linux scripts
Naturally enough, when you run a command or script, the system runs it as a process you started. But you can run commands and scripts as another user.
Processes have owners
When a program or script is executed, Linux creates a process. This process has an owner. The owner is either another process or the name of a user account if someone started it.
The ownership of a process defines some of the capabilities and environment of the process. Depending on how the process was started, it inherits certain attributes from its parent process or from the user. Or, more strictly, the process used by the user to launch the program, which is usually a shell.
Running a command or script as another user can be useful because ownership of all files created by the process will belong to the appropriate user.
Every time we use sudo
we are executing a command as another user. The default user account used by sudo
is the root or “super” user. Because of that, sudo
is often mistakenly considered to represent super user do. But that’s just soft jargon. It actually represents replacement user do.
With sudo
, you can run commands as any other user, not just root. Ironically, you need root privileges to do this. But launching a program or script belonging to another user is not the same as running this process as that other user. You will always run it as root.
Here’s how to actually run a process as another user, and how to run commands from a script as if they were run by another user.
Run a script as another user
We use a computer on which several users are configured. One is Mary, who has the username maryq, and the other is Dave with the username dave.
Mary has a script called “other-user.sh” in her home directory. This is the script text.
#!/bin/bash echo "Script name:" $0 echo "Working directory:" $(pwd) echo "Script running as user:" $(whoami)
It prints the name of the script, which is contained in the $0
environment variables. He then uses pwd
to print the working directory. Finally, he uses the whoami
command to print the name of the user who launched the script. or who it is think started the scenario.
Copy the text of the script into an editor and save it as “other-user.sh” in the home directory of another user account.
We will need to make the script executable. We will use the chmod
order and use +x
(execute) and the option -u
(user) to set the run flag for the owner only. This means that only Mary can run the script. We will check file permissions with ls
.
chmod u+x other-user.sh
ls
From left to right, the permissions read:
- The owner can read, write and execute the file.
- Group members can read and write the file.
- Others can only read the file.
So the only users able to run the script are Mary and root. Here’s what happens when Mary runs the script:
./other-user.sh
We are told that the script’s current working directory is Mary’s home directory, and the owner of the script is the maryq user account.
As expected, Dave cannot run the script.
/home/maryq/other-user.sh
If Dave has root user privileges, he can try to run the script as root, using sudo
.
sudo /home/maryq/other-user.sh
It is a partial success. The script runs, but the script owner is root, not maryq.
The trick we have to use is the sudo -u
option (user). This allows you to specify the user under which you want to run the command. If you don’t use the -u
option, sudo
uses root by default. If we want to run the command as Mary, we need to pass their user account name to the sudo
ordered.
sudo -u maryq /home/maryq/other-user.sh
This time the script reports that the owner of the process is maryq.
Let’s add a line to the “other-user.sh” script. Good echo
some text and redirect the output to a file called “mary.txt”.
#!/bin/bash echo "Script name:" $0 echo "Working directory:" $(pwd) echo "Script running as user:" $(whoami) echo "This is going into a file in /home/maryq/" > /home/maryq/mary.txt
We create the new file in Mary’s home directory. It’s perfectly fine because we’re running the script as Mary.
./other-user.sh
If we check in Mary’s home directory, we will see that the file was created and ownership of the file belongs to the user account maryq.
ls -hl mary.txt
This is the same behavior we would see if Mary had actually run the script herself.
RELATED: How to use the chmod command in Linux
The runuser Command
You could use the sudo -u
commands we’ve used so far inside a script, but there’s another command, runuser
, that’s designed to run processes as a different user from inside scripts. It has better handling of the return code from the launched process, and it has fewer overheads than sudo
.
The runuser
command needs to be run by root, but that is accomplished by running the entire script as root. You don’t need to use sudo
inside the script. The runuser
command can be used on the command line, too, so isn’t restricted to script use, although it is the preferred method for scripts.
Dave can’t list the “mary.txt” file because it is in Mary’s home directory and he doesn’t have access.
cat /home/maryq/mary.txt
We can take a look inside the file using runuser
, Nevertheless. The -
(login) launches a new shell with an environment very close to the shell environment Mary would have had she actually logged in. -c
The option (command) is followed by the command we want to execute.
sudo runuser - maryq -c 'cat mary.txt'
Note that the command does not need the full path to the file. We can reference the file the same way Mary would, relative to her home directory.
As user Dave, we will create a script called “run-maryq.sh” with this text:
#!/bin/bash runuser -l maryq -c 'cat mary.txt'
We will make it executable:
chmod +x run-maryq.sh
Let’s see what happens when we try to run it.
./run-maryq.sh
The runuser
The command complains because it is executed by a normal user. Let’s start again with sudo
.
sudo ./run-maryq.sh
It works as we would like, and as if Mary had started the script herself.
Which to use?
On the command line, there aren’t many choices between them. But as you must use sudo
with runuser
anyway, might as well use sudo
all alone.
But in one scenario, runuser
is the preferred command.
RELATED: 10 basic Linux commands for beginners
Comments are closed.