Run part of a bash script as a different user

33

10

Is there a way to make part of a script run as a different (non-root) user? If it helps, the part to be run as a different user occurs at the end of the script.

Edit:
OS -> Ubuntu 9.04

Manish Mathai

Posted 2010-01-09T04:46:56.857

Reputation: 649

1

possible duplicate of Howto switch / chage user id witin a bash script to execute commands in the same script?

– Dan Dascalescu – 2014-07-11T10:35:49.820

Answers

42

Use the sudo command in the script.

In the form:

sudo -u username command

the sudo command runs command as the user username.

If the script is being run as root, I don't think it will prompt for a password. Otherwise, this article discusses how to use sudo with password in one command line?, and this article discusses how to use sudo without password?

pcapademic

Posted 2010-01-09T04:46:56.857

Reputation: 3 283

@Andrew I was wondering this myself and the following worked for me: sudo -u ic sh -c 'cmd1 && cmd2' – Karussell – 2017-05-29T14:26:32.697

Also include the i option if you want to acquire the user's environment – neoDev – 2017-11-21T06:17:12.593

5

This is nice and easy, but is there a way to do this for a group of commands instead of one at a time? – Andrew – 2013-12-05T23:08:08.433

write a bash script, make it executable chmod +x script.sh and then just sudo -u username script.sh – NiCU – 2014-06-11T15:05:02.267

6

# I=like:

#test if running bash as a different user works
sudo -u nobody bash -c : && RUNAS="sudo -u nobody"

echo 1: $USER

#Runs bash with commands between '_' as nobody if possible
$RUNAS bash<<_
echo 2: \$USER
_

echo 3: $USER

# ./run

1: root
2: nobody
3: root

AXE Labs

Posted 2010-01-09T04:46:56.857

Reputation: 509

10

Could you add some explanatory text? – Kazark – 2013-03-28T19:21:56.050
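The here-document approach from the answer above, extended to return the block's exit status to the caller. This is an added example, not code from any of the answers; `run_block_as` and `demo_block` are hypothetical names, and the block assumes `bash` is installed and, when the target differs from the invoking user, that sudoers permits the switch without a password.

```shell
#!/bin/sh
# Added example. run_block_as and demo_block are hypothetical names.

# Run the commands arriving on stdin as user $1 and return their exit status.
run_block_as() {
    target="$1"
    # Resolve the account first so a typo fails here with a clear status
    # (67 is EX_NOUSER in sysexits.h).
    target_uid=$(id -u "$target" 2>/dev/null) || {
        echo "run_block_as: no such user: $target" >&2
        return 67
    }
    if [ "$target_uid" -eq "$(id -u)" ]; then
        bash -s            # already that user: no privilege change needed
    else
        # -n: fail instead of prompting when the policy wants a password
        # -H: set HOME to the target user's home directory
        sudo -n -H -u "$target" bash -s
    fi
}

demo_block() {
    # The quoted 'EOF' stops the calling shell from expanding anything, so
    # $(id -un) below is evaluated by the shell running as the target user.
    run_block_as "$1" <<'EOF'
set -e                     # stop the block at the first failing command
echo "running as $(id -un)"
exit 3                     # a non-zero status, to show it reaches the caller
EOF
}

# Stand-alone run: pass a user name, or default to the invoking user.
demo_block "${1:-$(id -un)}"
echo "block finished with status $?"
```

With an unquoted delimiter, as in the answer, each `$` that should be evaluated by the target shell has to be escaped by hand.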

6

This answer is good, but the serverfault advice is slightly dangerous - would allow anyone to run anything as root! So I'm posting here because I can't format the comment.

I would recommend using visudo to give the permissions you need as precisely as you can. Type visudo and add a line like:

username hostname = NOPASSWD: /full/path/to/command1, /full/path/to/command2

If you do need to run this same thing on many hosts, you could open it up with:

username ALL = NOPASSWD: /full/path/to/command1, /full/path/to/command2

But I would **not** use either:

username ALL=(ALL) NOPASSWD: ALL

or

username hostname = ALL

The sudoers man page has lots of gory details.

DaveParillo

Posted 2010-01-09T04:46:56.857

Reputation: 13 402

Would it work for a command available to a particular user only ? – Manish Mathai – 2010-01-09T09:42:06.700

You can specify that only particular users can run the command (in the examples above, replace username with the username who should be able to run the command). If the executable you want to run is only executable by one particular user, that's fine too - just pass that username in the sudo -u username commandline line of the script. – James Polley – 2010-01-09T10:31:05.057

@Manish. Yes. What the sudoers file says is "Allow this username on this host to run command1 without having to provide a password." – DaveParillo – 2010-01-09T17:23:56.897
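A small check for the rule shapes discussed in the answer above, as an added example that is not part of the original answer or of sudo itself. `audit_rule`, `audit_rules` and `sample_rules` are hypothetical names, the sample rules are constructed from the answer's placeholders, and only simple one-line user specifications are handled (no aliases, no line continuations).

```shell
#!/bin/sh
# Added example: flag sudoers rules that grant ALL commands or name a
# command without a full path. Prints "<verdict> <nopasswd|passwd>".
audit_rule() {
    printf '%s\n' "$1" | awk '{
        eq = index($0, "=")
        if (eq == 0) { print "unparsed"; next }
        spec = substr($0, eq + 1)
        np = (spec ~ /NOPASSWD:/) ? "nopasswd" : "passwd"
        sub(/^[ \t]*\([^)]*\)/, "", spec)   # drop a Runas list such as (ALL)
        gsub(/[A-Z_]+:[ \t]*/, "", spec)    # drop tags such as NOPASSWD:
        n = split(spec, cmd, ",")
        verdict = "ok"
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (c == "ALL") { verdict = "broad"; break }
            if (c !~ /^\//) verdict = "relative-path"
        }
        print verdict, np
    }'
}

# Read rules on stdin; print "line: verdict: rule" for every finding.
audit_rules() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ''|'#'*|Defaults*|*_Alias*) continue ;; esac
        verdict=$(audit_rule "$line")
        case "$verdict" in
            ok*) ;;
            *) printf '%s: %s: %s\n' "$n" "$verdict" "$line" ;;
        esac
    done
}

sample_rules() {
    cat <<'EOF'
# constructed sample, not a real sudoers file
username hostname = NOPASSWD: /full/path/to/command1, /full/path/to/command2
username ALL=(ALL) NOPASSWD: ALL
username hostname = ALL
username hostname = NOPASSWD: /full/path/to/command1, full/path/to/command2
EOF
}

sample_rules | audit_rules
```

This does not replace `visudo -c`, which checks the syntax of the real file.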

4

For sonarqube:

sudo -u sonar /usr/bin/sonar start

where sonar is the name of the user used to run the command /usr/bin/sonar start.

burtsevyg

Posted 2010-01-09T04:46:56.857

Reputation: 219

2

This way, the end of the script will be executed by a different user (root). Please note the $[LINENO+2] and exit $? calls. These are required to make the end of the script execute just once and to preserve the exit code of the sudo call.

#!/bin/bash
echo $USER

# pipe the rest of this script via a sudo call
tail -n +$[LINENO+2] $0 | exec sudo bash
exit $?
echo $USER
exit 1

dparalen

Posted 2010-01-09T04:46:56.857

Reputation: 21

2

Not so sure about it, but if you want ONLY the end of that script to run as a different user, you could add su someuser before the end of the script.

Am I missing something?

Hope that helps,

Regards

dag729

Posted 2010-01-09T04:46:56.857

Reputation: 1 894

1

I think this is the most appropriate answer, having all other answers suggesting sudo, which is often not installed by default on some minimal linux installations. – Tim – 2018-01-07T03:04:53.007

su someuser will start a new shell, it won't execute the rest of the script. – Just a student – 2020-02-14T15:43:52.390