23

I need to copy file between Linux machines. The problem that the user I use to login (myuser), is different from the user that can access the file.

If I just ssh to the machine, I can switch the user using sudo su someuser, can I do it somehow while scp?

While using WinSCP I managed to do it, by configuring the SCP/Shell, so I believe there must be a similar way to do it via pure shell.

Gilles 'SO- stop being evil'
  • 829,060
Tarlog
  • 333
  • I'm confused. Why don't you login as the user who manipulates the file? – rahmu Feb 25 '13 at 10:20
  • 1
    Because it's impossible to login using the other user. – Tarlog Feb 25 '13 at 10:34
  • How about connecting with ssh and executing scp, something like this: ssh myuser@host "sudo scp ..." ? – rahmu Feb 25 '13 at 11:09
  • Maybe the answer here can work in such a situation? http://unix.stackexchange.com/questions/43094/how-to-use-rsync-with-a-remote-remote-host @Tarlog This assumes that on the remote machine itself, you can ssh someuser@remote – Bernhard Feb 25 '13 at 11:09

4 Answers4

12

Assuming that the user you CAN ssh to doesn't need a password to sudo su into the target user, you can try this:

dd if=myfile | ssh some.host "sudo -u targetuser dd of=myfile"

... Mind, I'm still unconvinced that simply configuring targetuser to only allow scp/sftp/rsync over SSH and using a RSA keypair for authentication isn't a much better option.

Shadur-don't-feed-the-AI
  • 31,260
4

If you know the credentials to the other user (someuser) you can just specify it on your scp call.

From the man scp page:

File names may contain a user and host specification to indicate that the file is to be copied to/from that host. Local file names can be made explicit using absolute or relative pathnames to avoid scp treating file names containing ‘:’ as host specifiers. Copies between two remote hosts are also permitted.

Here's the syntax used:

[[user@]host:]/path/to/file

Example

You want to copy the file /home/foo/bar from host1 to your localhost, using user someuser, here's the command:

scp someuser@host1:/home/foo/bar .

You will be asked for authentication (password, keys, ...).

rahmu
  • 20,023
1

It's probably possible, but I'd say it's a very awkward way to go about it.

My first suggestion is to login as that user. Even if you don't have that user's password, you can add your own public ssh key to their authorized_keys and then scp using their key, as rahmu shows.

If that's not possible, my second suggestion is to login by ssh, sudo to the user and create a tarfile of the files you want to copy and put it somewhere that your own user can read. Then scp down that tarfile.

Jenny D
  • 13,172
  • It's impossible to login the the other user. Yep, I figured out the second suggestion myself. Looking for an easy way :) – Tarlog Feb 25 '13 at 10:33
  • The link posted by gcb should be of service, then. At least if you're going to be doing this more than once. Or, of course, you could change the access rights to the file to give your own user access to it. – Jenny D Feb 25 '13 at 10:35
  • Well, I'm trying to create a script (which is going to be used multiple times of course) that will be used by different users. So granting the access to me won't really help. Anyone who is able to 'sudo su otheruser' should be able to run the script. – Tarlog Feb 25 '13 at 10:43
  • Gotcha. I'd start with the link from gcb, then if you have problems with the script post it and see if we can crowdsource some help. – Jenny D Feb 25 '13 at 10:44
1

use -S on the scp command

e.g. https://superuser.com/questions/87597/how-to-perform-scp-as-a-sudo-user

it will allow you to execute a script, on much like i believe you were doing with the winscp use case.

Community
  • 1
gcb
  • 398