Picture this scenario. You are managing a Linux server that is accessed by multiple users. All users have
sudo rights. You want to test certain Linux commands with different users. How would you do that? Log in as one user and test the commands, and then log out and log back in as another user and test commands? Yes, It is one way to do it. However, there is a simple way to run commands as another user via sudo in Linux. Read on to find out.
For the purpose of this guide, I have created two user accounts namely "senthil" and "kumar" in my AlmaLinux 8 test machine. I am going to use "senthil" as current user and "kumar" as the target user.
I want the user "senthil" to be able to run any command as user "kumar" on any hosts, without actually logging in as "kumar". Understood? Well, let me show you an example.
Run Commands As Another User Via Sudo
I currently logged in as user "senthil". Let me show you the currently logged in user with
$ whoami senthil
Now I am going to run a simple "
echo" command with
sudo as the target user "kumar" while logged in as "senthil":
$ sudo -u kumar bash -c 'echo "My Username is $USER, and my user ID is $UID"'
You will be prompted to enter the password of current user (i.e. "senthil" in this case). Once authenticated, the
echo command will be run as user "kumar" and display the username and user id of the "kumar".
[sudo] password for senthil: My Username is kumar, and my user ID is 1001
What we actually just did is we executed the "
echo" command as user "kumar" while we logged in as "senthil". This is why you see the username and user id of kumar, but not senthil's.
Let us verify if the uid of the user "kumar" is correct with
$ id kumar uid=1001(kumar) gid=1001(kumar) groups=1001(kumar),10(wheel)
Yes, the uid of kumar is correct in both outputs.
-u flag is used to run the given command as another user (i.e. kumar in this case) and
bash -c is used to mention the name of the command. You should mention the command within single quote.
If you don't use
bash -c option, the
echo command will return the username and uid of the current user instead of the target user.
$ sudo -u kumar echo "My Username is $USER, and my user ID is $UID"
My Username is senthil, and my user ID is 1000
Similarly, you can run any commands as different user.
Please note that in our previous example command, I didn't enter
sudo password for the target user. Why? Because, the
echo command doesn't require
If you run a command that requires
sudo permission as another user, you must enter the password. Here is another example.
$ sudo -u kumar bash -c 'sudo dnf --refresh update'
[sudo] password for senthil: [sudo] password for kumar: AlmaLinux 8 - BaseOS 344 B/s | 4.3 kB 00:12 AlmaLinux 8 - AppStream 388 B/s | 4.7 kB 00:12 AlmaLinux 8 - Extras 316 B/s | 3.9 kB 00:12 Dependencies resolved. Nothing to do. Complete!
Did you notice that I entered
sudo password for both users? Yes. Because, we run "
sudo dnf update", which requires elevated privileges. That's why it is required to enter the
sudo password for the target user. For normal commands e.g.
uname etc., we don't need to enter the target user's password.
Not just Linux commands, you can apply this method to run scripts as well. Let us say you want to run backup script that is saved in the
$HOME directory of another user. You can simply run the script from the current user as other user by using this command:
$ sudo -u kumar bash -c '~/backup_script_name'
Run Commands Without Sudo Password
Sometimes, you might be in a situation where you don't want to enter the sudo password for every commands. In such cases, you can skip the password prompt for specific commands by adding
NOPASSWD option in
Let us say you want to allow a certain users to run any dnf command without sudo password. To do so, first find the path of the
dnf command using
$ which dnf /usr/bin/dnf
$ whereis dnf dnf: /usr/bin/dnf /etc/dnf /usr/share/man/man8/dnf.8.gz
As you can see, the executable path of
dnf command is
/etc/sudoers files using command:
$ sudo visudo
Heads Up: Please note that you should not manually edit the
sudoers file using any text editor. Always use
visudo command to safely edit the
Add the following line at the end the file to allow the user called "kumar" to run
dnf commands without sudo password.
Save the file and exit.
From now on, the user "kumar" can able to run
dnf commands without
[senthil@Almalinux8CT ~]$ sudo -u kumar bash -c 'sudo dnf --refresh update' [sudo] password for senthil: AlmaLinux 8 - BaseOS 358 B/s | 4.3 kB 00:12 AlmaLinux 8 - AppStream 324 B/s | 4.7 kB 00:14 AlmaLinux 8 - Extras 302 B/s | 3.9 kB 00:13 Dependencies resolved. Nothing to do. Complete!
See? We don't need to enter
sudo password for "kumar".
To revoke this behavior, simply remove the above line.
Disclaimer: You should be very careful while applying this method. This method can be used for both productive and destructive purposes. Say for example, if you allow users to execute
'rm' command without
sudo password, they could accidentally or intentionally delete important files. Don't do this unless it is absolutely necessary.
In this brief tutorial, we discussed how to allow users to run commands as another user via sudo in Linux. We also learned how to disable sudo password prompt for certain users when running specific command(s) by modifying
As I warned, you must be careful while testing this method on a production system. You may unknowingly allow a user to run a harmful command (e.g.
rm) without having to enter sudo password. You should always be careful while testing these kind of Linux tips.