That’s all for now! For more information, see the PAM manual entry page (man pam.conf) and that of the sudo command as well (man sudo).

Now try to su to the account postgres as the user aaronk, the shell should not prompt you to enter a password:

$ sudo su - postgres

Then add the following configuration below the line “%sudo ALL=(ALL:ALL) ALL” as shown in the following screenshot.

Now I am going to run a simple 'echo' command with sudo as the target user 'kumar' while logged in as 'senthil':

You will be prompted to enter the password of current user (i.e.

In this case, the user (for example aaronk) who will switch to another user account (for example postgres) should be in the sudoers file or in the sudo group to be able to invoke the sudo command.

Let me show you the currently logged in user with whoami command.

You can also su to another user without requiring a password by making some changes in the sudoers file.

Now try to su to the postgres account as the user aaronk, you should not be prompted for a password as shown in the following screenshot:

$ su - postgres

Next, add the user (for example aaronk) that you want to su to the account postgres without a password to the group postgres using usermod command.

auth sufficient pam_succeed_if.so use_uid user ingroup postgres

Configure PAM to Allow Running Su Command without Password

Otherwise, the normal authentication steps are executed.

The line that follows checks if the current user is in the group postgres, if yes, the authentication process is considered successful and returns sufficient as a result.

In the above configuration, the first line checks if the target user is postgres, if it is, the service checks the current user, otherwise, the default=1 line is skipped and the normal authentication steps are executed.
auth [success=ignore default=1] pam_succeed_if.so user = postgres
auth sufficient pam_succeed_if.so use_uid user ingroup postgres

# vim /etc/pam.d/su

Add the following configurations after “auth sufficient pam_rootok.so” as shown in the following screenshot.

To allow users in a specific group to switch to another user account without a password, we can modify the default PAM settings for the su command in the /etc/pam.d/su file.

PAM (Pluggable Authentication Modules) are at the core of user authentication on modern Linux operating systems.

To run a command as another user with the environment of another user: sudo -i -u <username> <command>.

To run a command with the security privileges of another user: sudo -u <username> <command>.

You can use any of the two solutions provided below to solve the above issue.

To run a command as root: sudo <command>.

Any other user will be prompted to enter the password of the user account they are switching to (or if they are using the sudo command, they will be prompted to enter their password), if they don’t provide the correct password, they get an “authentication failed” error as shown in the following screenshot.

For example, we have a user account called postgres (the default PostgreSQL superuser system account), we want every user (typically our PostgreSQL database and system administrators) in the group called postgres to switch to the postgres account using the su command without entering a password.

By default, only the root user can switch to another user account without entering a password.

Therefore, I was thinking to create a process running as root which receives the request to kill processes from a user, checks if the user is allowed to start/stop the process and kills the process.

In this guide, we will show how to switch to another or a specific user account without requiring a password.

If a second user allowed to do that wants to kill the process I'd like it to be allowed to do that but I don't want it to be sudoers.
What I have is a list of users allowed to start the process, defined in the database, before starting the process I check that the current user in the list and, if yes, I start the process with the current user.

Other users that are not in the group will not be able to start a second parallel process.

The fact is that concurrent instances of the same process can be started from different users, that is why it is not convenient for me to set the group id to the process.

In a Linux environment, I need to kill a process which has been started by user2 if I am user1 without being sudoers or using root.

Do you know if there is a way of setting that when launching the process? Such as a list of users allowed to kill the process?