How to run command as different user

Question

Is it possible to run a command

with parameters first of which starts with - (dash) e.g. /usr/bin/echo -n foo
as different user and group, for example apache:apache
using command su
when login shell is set to /sbin/nologin ?

I tried:

su -s "/usr/bin/echo" -g apache apache -n foo
- fails with su: invalid option -- 'n'. It looks like first argument may not start with dash.
su -c "/usr/bin/echo -n foo" -g apache apache
- fails with nologin: invalid option -- 'c'. It looks like -c can't be used if login shell is /sbin/nologin

czerny · Accepted Answer · 2020-02-19T18:23:46.403

30

su -s /bin/bash -c "/usr/bin/echo -n foo" -g apache apache

edited Feb 19 '20 at 18:23

answered Jun 22 '17 at 23:15

czerny

2

su in CentOS 6 doesn't support -g <group> option. This option is supported in CentOS 7 and 8. – czerny Feb 19 '20 at 18:28

Lester Cheung · Answer 2 · 2018-08-16T03:57:13.180

29

sudo to the rescue!

sudo -u <user> -g <group> -- echo -n foo

edited Aug 16 '18 at 03:57

answered Jun 23 '17 at 04:35

Lester Cheung

score 4 · Answer 3 · answered Jan 07 '21 at 16:18

If the user's login shell is set to /sbin/nologin then the user can't login and su - generally won't work.

But there is the su -m option to preserve the current user's environment and login shell:

su -m <user> -c "<command>"

For example:

su -m apache -c "echo hello; id"

Prints:

hello
uid=33(apache) gid=33(apache) groups=33(apache)

3 Answers3