DaemonForums  

  #1   (View Single Post)  
Old 17th February 2009
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94
Is this possible

Is it possible, when logged in as root, to run a command as a user, a bit like sudo in reverse?

cheers
  #2   (View Single Post)  
Old 17th February 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975

The general syntax for a sudoers rule is:

user system = (run as) commands

e.g.:

carpman ALL = (operator) ALL

Would allow you to execute any command as "operator" on any host with this rule in the sudoers file.

Then you would:

$ sudo -u operator <whatever>

Disclaimer: I haven't run the rule through visudo to check it. You may need to adjust it.
  #3   (View Single Post)  
Old 17th February 2009
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336

su - someuser -c command should work
  #4   (View Single Post)  
Old 17th February 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975

su(1) will work when logged in as root; otherwise the password for the "run as" user is required.

Using sudo, any user can be permitted to "run as" another, without needing that userid's password. In addition, one can "run as" another user that does not have a usable $HOME or login shell.
  #5   (View Single Post)  
Old 18th February 2009
carpman carpman is offline
Shell Scout
 
Join Date: Jul 2008
Posts: 94

Hello and thanks for the replies.

The su method seemed to fail:

Code:
su - wwwuser -c touch /hsphere/local/home/wwwuser/test.txt
The parent process is not sshd. Exiting...
This may be related to an sshd issue I have, though.


But the sudo method worked for touch:

Code:
sudo -u wwwuser touch /hsphere/local/home/wwwuser/test.txt

It did not work for the script app.sh, but I think that may be another issue I am looking into.

cheers
  #6   (View Single Post)  
Old 18th February 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975

re: su

On OpenBSD, the -c option is for login class, not for command. See the su(1) man page.

Here's an example of substituting the identity of a typical "nologin" userid:
Code:
# su -m nobody
ksh: Cannot determine current working directory
$ touch /tmp/test
$ exit
# ls -l /tmp/test
-rw-r--r--  1 nobody  wheel    0 Feb 18 13:05 /tmp/test
  #7   (View Single Post)  
Old 18th February 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975

Oops. This is FreeBSD. Sorry. But -c is still login class. See the FreeBSD version of su(1).
  #8   (View Single Post)  
Old 18th February 2009
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336

See the examples in that same manual ..

Code:
EXAMPLES
     su -m man -c catman
            Runs the command catman as user man.  You will be asked for man's
            password unless your real UID is 0.  Note that the -m option is
            required since user ``man'' does not have a valid shell by
            default.
     su -m man -c 'catman /usr/share/man /usr/local/man'
            Same as above, but the target command consists of more than a sin-
            gle word and hence is quoted for use with the -c option being
            passed to the shell.  (Most shells expect the argument to -c to be
            a single word).
And:

Code:
su -m www ps    
/bin/ps: /bin/ps: cannot execute binary file

su -m www -c ps  
  PID  TT  STAT      TIME COMMAND
 1023  p0  R+     0:00.00 ps

Last edited by DutchDaemon; 18th February 2009 at 09:05 PM.
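The man page excerpt in post #8 says the command handed to -c must be a single word. The following is an added example, not part of any post in the thread: it shows where the extra words go when the command is left unquoted, and builds that single word safely from an argument list. It assumes plain `sh` as a stand-in for the shell that su starts, so it runs without root; `shell_quote`, `build_command` and the two demo functions are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the thread). "sh" stands in for the shell that su
# starts for the target user; su hands "-c <word>" through to that shell.

# Quote one argument for sh: wrap it in single quotes and rewrite each
# embedded single quote as '\''. The trailing "x" sentinel keeps command
# substitution from stripping trailing newlines in the argument.
shell_quote() {
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# Join a full argument vector into the single word that -c expects.
build_command() {
    cmd=
    for arg in "$@"; do
        cmd="${cmd}${cmd:+ }$(shell_quote "$arg")"
    done
    printf '%s' "$cmd"
}

# Unquoted: only the first word after -c is the command; the remaining words
# become $0, $1, ... of the shell, so echo receives no arguments at all.
unquoted_demo() { sh -c echo hello; }

# Quoted: the whole command line travels as one word, and metacharacters in
# the arguments (constructed sample values) stay literal instead of running.
quoted_demo() { sh -c "$(build_command printf '%s|' 'a b' '$(id)' "it's")"; }

printf 'unquoted: [%s]\n' "$(unquoted_demo)"
printf 'quoted:   [%s]\n' "$(quoted_demo)"

# With su, using the path from post #5, the same word would be passed as:
#   su -m wwwuser -c "$(build_command touch /hsphere/local/home/wwwuser/test.txt)"
```

Quoting each argument matters most when root runs a command on a path or file name it did not choose, since an unquoted `$(...)` or `;` in that name would be interpreted by the target user's shell.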
  #9   (View Single Post)  
Old 18th February 2009
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975

Can you explain why the EXAMPLES don't match the SYNOPSIS in that man page? One of them is wrong.