How to run program as another user - and permanently dropping current user privileges?

Scott Paul Robertson spr at mahonri5.net
Tue Mar 13 19:00:31 MDT 2007


On Tue, Mar 13, 2007 at 04:46:37PM -0600, Kenneth Burgener wrote:
> I got around to trying this today, but when I run my program I get an
> error saying:
> 
>  [root at test ~]# su -l myuser -c "/usr/myapp/myprogram"
>  "This account is currently not available."
> 
> Originally I created this user in /etc/passwd as follows:
> 
>  myuser:x:500:500::/tmp:/sbin/nologin
> 
> When I changed the shell parameter to:
> 
>  myuser:x:500:500::/tmp:/bin/bash
> 
> I was able to run the fine, and it showed up in the 'ps' list as running
> as myuser:
> 

Try this:
su -l myuser -s /bin/bash -c "/usr/myapp/myprogram"

su by default uses the user's shell with -l if no shell is specificed.
-s lets you specify a shell*, so the user still doesn't have a vaild
shell except when you run it like this. I've actually found this quite
handy in debugging daemon account run programs.

Scott

* -s is a GNU extension

-- 
Scott Paul Robertson
http://spr.mahonri5.net
GnuPG FingerPrint: 09ab 64b5 edc0 903e 93ce edb9 3bcc f8fb dc5d 7601
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20070313/774494ef/attachment.bin 


More information about the PLUG mailing list