Unable to run a process as another user created by "useradd" with no password

Question

I've created a user for running a certain process only on behalf of that user:

sudo useradd -r -s /bin/false -d /var/lib/my_app123 my_user123

Now in order to run that process from behalf of "my_user123", I'm doing this:

su - my_user123

1) And it asks me a password. What password? there's no password for "my_user123". How to fix this?

2) Or what's the proper way to run "/var/lib/my_app123/some_process" as "my_user123"?

sudo itself is working fine.

You're using `su` above, but your tags and question seems to be about `sudo`. Those are not the same tool. — Tollef Fog Heen, Jun 06 '17 at 05:32

score 2 · Accepted Answer · answered Jun 06 '17 at 05:49

2

Either you can specify the right system shell:

su - youruser -s /bin/bash -c "yourcommand"

Or run the commands with sudo, it's gonna work even if youruser doesn't have a valid shell, like in your case.

Or you can't be able to log in with su as you specified /bin/false as shell for youruser. That's why the system's asking for a password.

answered Jun 06 '17 at 05:49

Marco

1,709
3
17
31

`su - youruser -s /bin/bash -c "yourcommand"` - requires the password – Jodimoro Jun 06 '17 at 11:54
You're running this command as normal user? – Marco Jun 06 '17 at 12:10
yes................. – Jodimoro Jun 06 '17 at 13:41
Then the server's asking for the user's password who runs su, and that's normal. :) – Marco Jun 06 '17 at 14:18
can I run a daemon under another user and switch back to my default user? will a daemon continue to run? – Jodimoro Jun 06 '17 at 16:35
Try to google for "Linux shell fork process in background" – Marco Jun 06 '17 at 16:48

Esa Jokinen · Answer 2 · 2017-06-06T08:12:57.947

sudo and su are totally different programs. This is how su works: if you aren't root, it asks for the password of the target (substitute) user. The condition that you haven't yet set password doesn't change this; use passwd to add a password for the user. If you need to run commands as another user without knowing or giving that user's password, you should use sudo, instead.

From a security perspective, it is arguably better to set up and use sudo instead of su. The sudo system will prompt you for your own password – or no password at all, if configured in such a way – rather than that of the target user (the user account you are attempting to use). This way you do not have to share passwords between users, and if you ever need to stop a user having root access (or access to any other account, for that matter), you do not have to change the root password, which is an inconvenience to everyone else; you only need to revoke that user's sudo access.

The sudo equivalent for su - user is sudo -u user -s. If you wish to do this without using your own password, you need to visudo and add this line to your sudoers file:

yourusername    ALL=(anotheruser) NOPASSWD: /bin/bash

This gives yourusername permission to run /bin/bash as user anotheruser without password.

`The condition that you haven't yet set password doesn't change this. ` -- what password? whose? — Jodimoro, Jun 06 '17 at 08:08
The `su`bstitute user ("`my_user123`") you are trying to run the command as. Added clarification. — Esa Jokinen, Jun 06 '17 at 08:15
but I haven't set a password for him. what password should I use? — Jodimoro, Jun 06 '17 at 08:16
Read the answer to the end without stopping every time you don't understand some detail. It may get explained later in the answer – this time within the next sentences. — Esa Jokinen, Jun 06 '17 at 08:23

Unable to run a process as another user created by "useradd" with no password

2 Answers2