1

I am trying to create a user with su access on centos. I followed the instructions from this post. but NOTHING worked.

I want to login using su test_user

steps:

sudo adduser test_user (No prompt to set up password)

I tried su test_user (prompted for password) (pressed entered key - did not work)

then I deleted password

sudo passwd -d test_user
Removing password for user test_user.
passwd: Success

Then I tried

su test_user 
Password: (just enter key pressed)
su: Permission denied

NOTE: I also changed my sudoers file to reflect the following at the end of file /etc/sudoers as indicated in this post.

test_user ALL=(ALL) NOPASSWD:ALL

still nothing worked. Thanks

Community
  • 1
brain storm
  • 163
  • 1
  • 3
  • 7
  • It's not clear what you are asking. Either you want 'normal_user' to be able to 'su' to into 'test_user', or you want 'test_user' to able to to become root or to be able to run a command that requires root privilege. Those are all different cases. – Mark Stosberg Jan 06 '16 at 21:37
  • @MarkStosberg: first case. thanks for clarification. – brain storm Jan 06 '16 at 21:44

2 Answers2

4

OK, to be clear, su and sudo are completely different things. Adding test_user to your sudoers file is completely irrelevant for this use case.

su allows you to switch from one user to another, while sudo allow you to run a command as a different user. There's a subtle difference.

Having a passwordless account is horrible idea. Don't do it.

If you want to be able to switch from one account to another without affecting the other account's password, then just do:

$ sudo su - username

It goes without saying that your user account will need to be added to sudoers with the appropriate access to run the above command as root.

EEAA
  • 108,414
  • 18
  • 172
  • 242
  • Thanks. will `sudo su username` gets all privileges of sudo ( i mean run all commands). I want to switch from one to user but still have privileges to run commands – brain storm Jan 06 '16 at 21:07
  • 1
    You *do* have privileges to run commands. – EEAA Jan 06 '16 at 21:07
  • and the privileges is there because I added it to the sudoers files? – brain storm Jan 06 '16 at 21:08
  • 1
    The sudoers file has absolutely nothing to do with **anything** except running commands via `sudo`. – EEAA Jan 06 '16 at 21:09
  • I still don't get it. you say `su` allows you to switch from one user to another. so why `su test_user` prompts for password but `sudo su test_user` does not? – brain storm Jan 06 '16 at 21:09
  • 2
    Read my answer. It is because when you're running the command via `sudo`, it is running with root's privileges. Root does not need to specify passwords when switching from one user to another. – EEAA Jan 06 '16 at 21:10
  • I get that. how can i get `su test_user` to work then instead of `sudo su test_user`? – brain storm Jan 06 '16 at 21:12
  • 2
    You don't. You use sudo. – EEAA Jan 06 '16 at 21:13
  • I don't or I cannot. and from my understanding from comments, the line I added to my sudoers file makes no difference? – brain storm Jan 06 '16 at 21:15
  • 2
    Again. As I said in my answer - `su`, and `/etc/sudoers` have **absolutely nothing to do with each other**. `su` knows nothing about what is in your sudoers file. Nothing. – EEAA Jan 06 '16 at 21:17
  • ok ok. so "I don't or I cannot" - please make that clear. I remember issuing `su someuseName` before. so wondering how that worked then – brain storm Jan 06 '16 at 21:22
  • 2
    If you want your normal user to be able to "su" into testuser without a password, EEAA's answer above is the correct answer: Use "sudo su testuser" to access the account. – Mark Stosberg Jan 06 '16 at 22:07
  • This answer seems to suggest otherwise http://unix.stackexchange.com/a/192956/36253 but testing it out, `su` still prompts for a password after deleting it. I am aware it is a security risk, just curious how it works. – beanaroo Mar 12 '16 at 03:43
0

Create an user with empty password

sudo useradd test-user-0
echo test-user-0:U6aMy0wojraho | sudo chpasswd -e
su test-user-0

The password prompt still shows unfortunately.

But if you just hit enter without typing anything, and it logins as the user test-user-0.

The -e flags tells chpasswd that the password is already encrypted, and U6aMy0wojraho is the hash of the empty string.

Tested on Ubuntu 18.04.

BusyBox autologin

On the terminal at least, you don't need to create an user without a password to allow someone to not type their passwords everytime, hacking inittab a bit is enough: https://unix.stackexchange.com/questions/299408/how-to-login-automatically-without-typing-the-root-username-or-password-in-build

Ciro Santilli OurBigBook.com
  • 3,518
  • 1
  • 28
  • 19