Home Linux Tips & Tricks Run Commands As Another User Via Sudo In Linux

Run Commands As Another User Via Sudo In Linux

By sk
Published: Last Updated on 3.2k views

Picture this scenario. You are managing a Linux server that is accessed by multiple users. All users have sudo rights. You want to test certain Linux commands with different users. How would you do that? Log in as one user and test the commands, and then log out and log back in as another user and test commands? Yes, It is one way to do it. However, there is a simple way to run commands as another user via sudo in Linux. Read on to find out.

For the purpose of this guide, I have created two user accounts namely "senthil" and "kumar" in my AlmaLinux 8 test machine. I am going to use "senthil" as current user and "kumar" as the target user.

I want the user "senthil" to be able to run any command as user "kumar" on any hosts, without actually logging in as "kumar". Understood? Well, let me show you an example.

Run Commands As Another User Via Sudo

I currently logged in as user "senthil". Let me show you the currently logged in user with whoami command.

$ whoami
senthil
Show current user in Linux
Show current user in Linux

Now I am going to run a simple "echo" command with sudo as the target user "kumar" while logged in as "senthil":

$ sudo -u kumar bash -c 'echo "My Username is $USER, and my user ID is $UID"'

You will be prompted to enter the password of current user (i.e. "senthil" in this case). Once authenticated, the echo command will be run as user "kumar" and display the username and user id of the "kumar".

Sample output:

[sudo] password for senthil: 
My Username is kumar, and my user ID is 1001

What we actually just did is we executed the "echo" command as user "kumar" while we logged in as "senthil". This is why you see the username and user id of kumar, but not senthil's.

Let us verify if the uid of the user "kumar" is correct with id command.

$ id kumar
uid=1001(kumar) gid=1001(kumar) groups=1001(kumar),10(wheel)
Run Commands As Another User Via Sudo
Run Commands As Another User Via Sudo

Yes, the uid of kumar is correct in both outputs.

Here, the -u flag is used to run the given command as another user (i.e. kumar in this case) and bash -c is used to mention the name of the command. You should mention the command in single quote.

If you don't use bash -c option, the echo command will return the username and uid of the current user instead of the target user.

$ sudo -u kumar echo "My Username is $USER, and my user ID is $UID"
My Username is senthil, and my user ID is 1000

Similarly, you can run any commands as different user.

Please note that in our previous example command, I didn't enter sudo password for the target user. Why? Because, the echo command doesn't require sudo password.

If you run a command that requires sudo permission as another user, you must enter the password. Here is another example.

$ sudo -u kumar bash -c 'sudo dnf --refresh update'

Sample output:

[sudo] password for senthil: 
[sudo] password for kumar: 
AlmaLinux 8 - BaseOS                                                                                                                                                               344  B/s | 4.3 kB     00:12    
AlmaLinux 8 - AppStream                                                                                                                                                            388  B/s | 4.7 kB     00:12    
AlmaLinux 8 - Extras                                                                                                                                                               316  B/s | 3.9 kB     00:12    
Dependencies resolved.
Nothing to do.
Complete!
Run Commands As Other Users In Linux
Run Commands As Other Users In Linux

Did you notice that I entered sudo password for both users? Yes. Because, we run "sudo dnf update", which requires elevated privileges. That's why it is required to enter the sudo password for the target user. For normal commands e.g. ls, uname etc., we don't need to enter the target user's password.

Not just Linux commands, you can apply this method to run scripts as well. Let us say you want to run backup script that is saved in the $HOME directory of another user. You can simply run the script from the current user as other user by using this command:

$ sudo -u kumar bash -c '~/backup_script_name'

Run Commands Without Sudo Password

Sometimes, you might be in a situation where you don't want to enter the sudo password for every commands. In such cases, you can skip the password prompt for specific commands by adding NOPASSWD option in /etc/sudoers file.

Let us say you want to allow a certain users to run any dnf command without sudo password. To do so, first find the path of the dnf command using which or whereis commands.

$ which dnf
/usr/bin/dnf
$ whereis dnf
dnf: /usr/bin/dnf /etc/dnf /usr/share/man/man8/dnf.8.gz

As you can see, the executable path of dnf command is /usr/bin/dnf.

Now, edit /etc/sudoers files using command:

$ sudo visudo

Heads Up: Please note that you should not manually edit the sudoers file using any text editor. Always use visudo command to safely edit the sudoers file.

Add the following line at the end the file to allow the user called "kumar" to run dnf commands without sudo password.

kumar ALL=NOPASSWD:/usr/bin/dnf

Save the file and exit.

From now on, the user "kumar" can able to run dnf commands without sudo password.

[senthil@Almalinux8CT ~]$ sudo -u kumar bash -c 'sudo dnf --refresh update'
[sudo] password for senthil: 
AlmaLinux 8 - BaseOS                                                                                                                                                               358  B/s | 4.3 kB     00:12    
AlmaLinux 8 - AppStream                                                                                                                                                            324  B/s | 4.7 kB     00:14    
AlmaLinux 8 - Extras                                                                                                                                                               302  B/s | 3.9 kB     00:13    
Dependencies resolved.
Nothing to do.
Complete!

See? We don't need to enter sudo password for "kumar".

To revoke this behavior, simply remove the above line.

Disclaimer: You should be very careful while applying this method. This method can be used for both productive and destructive purposes. Say for example, if you allow users to execute 'rm' command without sudo password, they could accidentally or intentionally delete important files. Don't do this unless it is really necessary.

Conclusion

In this brief tutorial, we discussed how to allow users to run commands as another user via sudo in Linux. We also learned how to disable sudo password prompt for certain users when running specific command(s) by modifying sudoers file.

As I warned, you must be careful while testing this method on a production system. You may unknowingly allow a user to run a harmful command (e.g. rm) without having to enter sudo password. You should always be careful while testing these kind of Linux tips.

You May Also Like

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More