How to run commands as another user in Linux scripts

fatmawati achmad zaenuri/Shutterstock.com

Naturally enough, when you run a command or script, the system runs it as a process you started. But you can run commands and scripts as another user.

Processes have owners

When a program or script is executed, Linux creates a process. This process has an owner. The owner is either another process or the name of a user account if someone started it.

The ownership of a process defines some of the capabilities and environment of the process. Depending on how the process was started, it inherits certain attributes from its parent process or from the user. Or, more strictly, the process used by the user to launch the program, which is usually a shell.

Running a command or script as another user can be useful because ownership of all files created by the process will belong to the appropriate user.

Every time we use sudo we are executing a command as another user. The default user account used by sudo is the root or “super” user. Because of that, sudo is often mistakenly considered to represent super user do. But that’s just soft jargon. It actually represents replacement user do.

With sudo , you can run commands as any other user, not just root. Ironically, you need root privileges to do this. But launching a program or script belonging to another user is not the same as running this process as that other user. You will always run it as root.

Here’s how to actually run a process as another user, and how to run commands from a script as if they were run by another user.

Run a script as another user

We use a computer on which several users are configured. One is Mary, who has the username maryq, and the other is Dave with the username dave.

Mary has a script called “other-user.sh” in her home directory. This is the script text.

#!/bin/bash

echo "Script name:" $0
echo "Working directory:" $(pwd)
echo "Script running as user:" $(whoami)

It prints the name of the script, which is contained in the $0 environment variables. He then uses pwd to print the working directory. Finally, he uses the whoami command to print the name of the user who launched the script. or who it is think started the scenario.

Copy the text of the script into an editor and save it as “other-user.sh” in the home directory of another user account.

We will need to make the script executable. We will use the chmod order and use +x (execute) and the option -u (user) to set the run flag for the owner only. This means that only Mary can run the script. We will check file permissions with ls .

chmod u+x other-user.sh
ls

Set script execution permission so that only user Mary can execute it

From left to right, the permissions read:

  • The owner can read, write and execute the file.
  • Group members can read and write the file.
  • Others can only read the file.

So the only users able to run the script are Mary and root. Here’s what happens when Mary runs the script:

./other-user.sh

The output when Mary runs the script

We are told that the script’s current working directory is Mary’s home directory, and the owner of the script is the maryq user account.

As expected, Dave cannot run the script.

/home/maryq/other-user.sh

User Dave cannot run script, permission is denied

If Dave has root user privileges, he can try to run the script as root, using sudo .

sudo /home/maryq/other-user.sh

The output when the script is run by root

It is a partial success. The script runs, but the script owner is root, not maryq.

The trick we have to use is the sudo -u option (user). This allows you to specify the user under which you want to run the command. If you don’t use the -u option, sudo uses root by default. If we want to run the command as Mary, we need to pass their user account name to the sudo ordered.

sudo -u maryq /home/maryq/other-user.sh

Using the -u user option with root to run the script as user Mary

This time the script reports that the owner of the process is maryq.

Let’s add a line to the “other-user.sh” script. Good echo some text and redirect the output to a file called “mary.txt”.

#!/bin/bash

echo "Script name:" $0 
echo "Working directory:" $(pwd) 
echo "Script running as user:" $(whoami)
echo "This is going into a file in /home/maryq/" > /home/maryq/mary.txt

We create the new file in Mary’s home directory. It’s perfectly fine because we’re running the script as Mary.

./other-user.sh

Run the script one more time so that it creates a text file

If we check in Mary’s home directory, we will see that the file was created and ownership of the file belongs to the user account maryq.

ls -hl mary.txt

Checking ownership of the file created by the script

This is the same behavior we would see if Mary had actually run the script herself.

RELATED: How to use the chmod command in Linux


The runuser Command

You could use the sudo -u commands we’ve used so far inside a script, but there’s another command, runuser, that’s designed to run processes as a different user from inside scripts. It has better handling of the return code from the launched process, and it has fewer overheads than sudo.

The runuser command needs to be run by root, but that is accomplished by running the entire script as root. You don’t need to use sudo inside the script. The runuser command can be used on the command line, too, so isn’t restricted to script use, although it is the preferred method for scripts.

Dave can’t list the “mary.txt” file because it is in Mary’s home directory and he doesn’t have access.

cat /home/maryq/mary.txt

User Dave cannot read Mary's file, permission denied

We can take a look inside the file using runuser, Nevertheless. The - (login) launches a new shell with an environment very close to the shell environment Mary would have had she actually logged in. -c The option (command) is followed by the command we want to execute.

sudo runuser - maryq -c 'cat mary.txt'

Reading Mary's file using the runuser command

Note that the command does not need the full path to the file. We can reference the file the same way Mary would, relative to her home directory.

As user Dave, we will create a script called “run-maryq.sh” with this text:

#!/bin/bash

runuser -l maryq -c 'cat mary.txt'

We will make it executable:

chmod +x run-maryq.sh

Make the script executable with chmod

Let’s see what happens when we try to run it.

./run-maryq.sh

Run script with runuser inside, as normal user

The runuser The command complains because it is executed by a normal user. Let’s start again with sudo.

sudo ./run-maryq.sh

Run script with runuser inside, as root

It works as we would like, and as if Mary had started the script herself.

Which to use?

On the command line, there aren’t many choices between them. But as you must use sudo with runuser anyway, might as well use sudo all alone.

But in one scenario, runuser is the preferred command.

RELATED: 10 basic Linux commands for beginners

Comments are closed.