BASH Scripting, su to www-data for single command

Question

I am working on automating the creation of subversion repositories and associated websites as described in this blog post I wrote. I am running into issues right around the part where I su to the www-data user to run the following command:

svnadmin create /svn/repository

There is a check at the beginning of the script that makes sure it is running as root or sudo, and everything after that one command needs to be run as root. Is there a good way to run that one command as www-data and then switch back to root to finish up?

score 72 · Answer 1 · answered Jan 10 '14 at 20:04

72

With 'su' is probably that request a password, and www-data doesn't have password. I recommend the command sudo:

 sudo -u www-data command

The condition is that your user must be root, or configurated in the sudoers file

answered Jan 10 '14 at 20:04

futbolsalas15

821
1
6
3

5

Wow, why isn't this the selected answer? Took me way too long to find this. – Captain Hypertext Dec 12 '17 at 13:52
Yes, this is the easiest approach to running a command as www-data user. Thanks! – Michael J Mar 05 '22 at 19:56

score 42 · Accepted Answer · edited May 07 '18 at 16:15

42

Just use su - www-data -c 'svnadmin create /svn/repository' in your script run by root. So that only this command is run by www-data user.

Update for future viewers:

In case you receive a "This account is currently not available" error, consider using:

su - www-data -s /bin/bash -c 'svnadmin create /svn/repository'

( @Petr 's valuable mention about -s flag to accommodate www-data user's no login policy )

edited May 07 '18 at 16:15

Iceman

153
1
4

answered May 10 '12 at 18:07

johnshen64

5,747
23
17

1

Yeah, it appears I forgot a basic rule of scripting... RTFM. Thanks! – Brendon Dugan May 10 '12 at 18:18
17

Trying this, I get the error `This account is currently not available.` – rubo77 Nov 21 '15 at 12:10
I also get this error, but futbolsalas15's answer below works fine. – Andrew Feb 05 '16 at 04:00
20

Use `su - www-data -s /bin/bash -c 'your_command'` to make this work. User www-data has shell `/usr/sbin/nologin` so without the `-s` parameter it leads to the error message. – Petr Feb 19 '16 at 11:53

score 5 · Answer 3 · answered May 06 '18 at 13:39

2 Possible approaches:

1) sudo command:

In most cases you will have access to the sudo command and so the solution is simply:

sudo -u target_user target_command

2) su command (if sudo not installed. Ex. alpine-linux images):

su - target_user -c 'target_command'

In case you receive a 'This account is currently not available' error, the user has a no login (shell access) policy in effect. If so, consider using:

su - target_user -s /bin/bash -c 'target_command'

(Based on @Petr 's valuable comment about -s flag to accommodate www-data user's no login policy)

the `sudo -u www-data target_command` version worked for me, thanks! — Jared, Dec 03 '20 at 17:06

score 3 · Answer 4 · answered May 10 '12 at 18:07

3

Use su:

   su [options] [username]

   The options which apply to the su command are:

   -c, --command COMMAND
       Specify a command that will be invoked by the shell using its -c.

answered May 10 '12 at 18:07

MikeyB

38,725
10
102
186

3

It should be noted that su commands don't work with accounts that have disabled logins (such as www-data). You'll have to use sudo. – Frantumn Jun 02 '17 at 14:46

BASH Scripting, su to www-data for single command

4 Answers4