Change user

meister29 · August 6, 2019, 5:54pm

Hi All,

need your assistance, how can i change user again after i change my user.

here is the code that i tried

su - myuser #success
su - webuser ##what i want to try is to change user again to webuser from myuser account

my output is it cannot change to webuser account. only in myuser.

Pls advise,
TIA

Neo · August 6, 2019, 6:29pm

Off hand, my first guess is that your webuser account does not have a valid shell specified in the password file.

meister29 · August 6, 2019, 6:33pm

yes sir. what i only did in my script is su again after su in myuser.

rdrtx1 · August 6, 2019, 7:13pm

su should not allow a regular user to start a shell or process for another user without a password. Only root user can do that.

drysdalk · August 6, 2019, 7:21pm

Hi,

As Neo has said, the most likely explanation here is that myuser has a valid shell set in /etc/passwd , whereas webuser does not.

Witness the following example:

# finger -l unixforum
Login: unixforum                        Name: 
Directory: /home/unixforum              Shell: /bin/bash
Never logged in.
No mail.
No Plan.
# finger -l test
Login: test                             Name: 
Directory: /home/test                   Shell: /bin/false
Never logged in.
No mail.
No Plan.
#

Here we start off as root . We see that the account unixforum has a shell of /bin/bash , whereas the account test has a shell of /bin/false - in other words, it will never be able to have any kind of interactive logon session.

Let's see what happens now if we try to switch through these, starting off again as root :

# whoami
root
# su - unixforum
$ whoami   
unixforum
$ su - test
Password: 
No directory, logging in with HOME=/
$ whoami
unixforum
$

We were able to switch user from root to unixforum without a password (something only root can do with su , as per rdrtx1's advice). However, when we tried to switch from unixforum to test it didn't work, since we can't get a shell prompt for a user that doesn't have a valid shell set.

Hope that this helps you to see a bit clearer how this works. If I've gotten the wrong end of the stick here and if what I'm describing doesn't match your problem, then if you can provide output for what's failing or otherwise give a more detailed description of what exactly isn't working we can take things from there.

meister29 · August 6, 2019, 7:40pm

hmm.. i tried to manual

sudo su - webuser - c "test. sh"

from myuser account and it says sorry user is not allowed to execute '/bin/su - webuser - c test. sh' does it mean i dont have rights to execute command while in sudo su? but if tried to change user only webuser then execute shell script manually it works. is there any other way to execute script in webuser while im in myuser?

TIA

drysdalk · August 6, 2019, 8:10pm

Hello,

Yes, that's correct - this error means that the user myuser is not allowed to run the su command via sudo . That's not unusual, and in fact is generally good practice. If you let regular users run the su command via sudo (and especially if you let them run commands via sudo without being prompted for a password) then this can be a fairly big security hole, as it would allow users to (for example) switch to the root user without needing to know any passwords at all other than their own.

So, you could edit the sudoers file to allow myuser to run su via sudo , but you need to be sure you're definitely happy security-wise doing that. You can do that by typing visudo as root , which will open up the sudoers file in your default editor and allow you to make whatever changes you want.

meister29 · August 7, 2019, 12:51am

i see... thanks everyone.

Neo · August 7, 2019, 1:05am

As drysdalk did a great job of explaining to you:

Just post the output of this command:

finger -l webuser

You might need to install finger first.

Or you can just post the webuser entry of your /etc/passwd file as so:

grep webuser /etc/passwd