How to become another user, without password, but keep environment?
In my role at work at the moment I frequently have to become other users (mostly build management logins rather than specific user logins). To make this easier for myself I put myself in the user's .rhosts file so that I don't have to give the password every time I become the other user. This is inside a small[ish] development group so this doesn't raise any difficult security issues really. However if you 'rlogin -l newuser hostname' you get newuser's environment. This is OK sometimes but often is a bit of a pain because I need to reset DISPLAY to get X applications to work on my screen and I also lose my favourite editor, etc., etc. So is there any way to preserve the environment in the same way that would happen if I did an 'su newuser' but, on the other hand, allow me to login in without entering the password (as I can with rlogin)? I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel. -- Chris Green (chris@areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."
On 2/16/06, Chris Green <chris@areti.co.uk> wrote:
In my role at work at the moment I frequently have to become other users (mostly build management logins rather than specific user logins). So is there any way to preserve the environment in the same way that would happen if I did an 'su newuser' but, on the other hand, allow me to login in without entering the password (as I can with rlogin)? I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel.
If su (and sudo) are so close, what don't they do that you need? Tim.
On Thu, Feb 16, 2006 at 01:16:40PM +0000, Tim Green wrote:
On 2/16/06, Chris Green <chris@areti.co.uk> wrote:
In my role at work at the moment I frequently have to become other users (mostly build management logins rather than specific user logins). So is there any way to preserve the environment in the same way that would happen if I did an 'su newuser' but, on the other hand, allow me to login in without entering the password (as I can with rlogin)? I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel.
If su (and sudo) are so close, what don't they do that you need?
If I 'su newuser' it asks for newuser's password, a hassle I'd rather avoid as I may do this dozens of times in a short period of time. -- Chris Green (chris@areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."
On Thu, Feb 16, 2006 at 02:30:48PM +0000, Chris Green wrote:
On Thu, Feb 16, 2006 at 01:16:40PM +0000, Tim Green wrote:
On 2/16/06, Chris Green <chris@areti.co.uk> wrote:
In my role at work at the moment I frequently have to become other users (mostly build management logins rather than specific user logins). So is there any way to preserve the environment in the same way that would happen if I did an 'su newuser' but, on the other hand, allow me to login in without entering the password (as I can with rlogin)? I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel.
If su (and sudo) are so close, what don't they do that you need?
If I 'su newuser' it asks for newuser's password, a hassle I'd rather avoid as I may do this dozens of times in a short period of time.
Not if you su to root first ;) (alternatively, you could frobble with the pam config so that you don't need to type a password) Cheers, Brett.
On Thu, Feb 16, 2006 at 02:33:32PM +0000, Brett Parker wrote:
On Thu, Feb 16, 2006 at 02:30:48PM +0000, Chris Green wrote:
On Thu, Feb 16, 2006 at 01:16:40PM +0000, Tim Green wrote:
On 2/16/06, Chris Green <chris@areti.co.uk> wrote:
In my role at work at the moment I frequently have to become other users (mostly build management logins rather than specific user logins). So is there any way to preserve the environment in the same way that would happen if I did an 'su newuser' but, on the other hand, allow me to login in without entering the password (as I can with rlogin)? I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel.
If su (and sudo) are so close, what don't they do that you need?
If I 'su newuser' it asks for newuser's password, a hassle I'd rather avoid as I may do this dozens of times in a short period of time.
Not if you su to root first ;)
Er, yes, but I'd need to enter the password for root instead. My basic requirement is to be able to change from myself to a small number of other users frequently and without hassle. In addition (as I said) I 'd like to keep my own environment. Basically I simply want to take on the 'privilege mantle' of different users at will without affecting my environment. I know this *could* be done by group and other settings but for historical and other reasons that's not a practical way to go at the moment. -- Chris Green (chris@areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."
Alan Pope wrote:
On 16/02/06, Chris Green <chris@areti.co.uk> wrote:
I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel.
can't you just do
$ sudo su - otheruser
Certainly can. To do that without passwords, one needs to a) be in the wheel group, and b) have the following line in the /etc/sudoers file: %wheel ALL=(ALL) NOPASSWD: ALL Cheers, Laurie. -- -------------------------------------------------------------------- Laurie Brown laurie@brownowl.com --------------------------------------------------------------------
On Thu, Feb 16, 2006 at 05:41:36PM +0000, Laurie Brown wrote:
Alan Pope wrote:
On 16/02/06, Chris Green <chris@areti.co.uk> wrote:
I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel.
can't you just do
$ sudo su - otheruser
Certainly can. To do that without passwords, one needs to a) be in the wheel group, and b) have the following line in the /etc/sudoers file:
%wheel ALL=(ALL) NOPASSWD: ALL
Thanks all, I'll have to look into whether sudo is installed on our systems at work (they're Solaris rather than Linux). I have root access to the system I want to do this on so I can install it if necessary. -- Chris Green (chris@areti.co.uk) "Never ascribe to malice that which can be explained by incompetence."
Alan Pope wrote:
On 16/02/06, Chris Green <chris@areti.co.uk> wrote:
I can thing of various nasty scripting ways of doing it but su is so close to what I want it seems a pity to re-invent an almost invented wheel.
can't you just do
$ sudo su - otheruser
or $ sudo -s -u otheruser and with correctly setup sudoers file you can do this without a password. JD
participants (6)
-
Alan Pope -
Brett Parker -
Chris Green -
Jon Dye -
Laurie Brown -
Tim Green