Is it possible for root to execute a command as non-root?

linux su user

I am a root user, and suppose I want to run any application as another user. Is this possible, without switching to another user?

Something like

# google-chrome user=abc

I am actually executing a CLI program as a non-root user. I have set the sticky bit on and I am using setuid, so the program runs with root privileges. Now I am using system() within the program to invoke a GUI app. But I don't want to run it as root, so I want to temporarily drop root privileges only for that call.


Solution 1:

A portable solution would be:

su abc -c google-chrome

However, as google-chrome is requiring X11 access, this will likely fail unless you unsecured it, which would be a very bad idea, especially while running as root.

If X11 tunelling/forwarding is allowed, a better way would be

ssh -X abc@localhost google-chrome

or

ssh -Y abc@localhost google-chrome

Solution 2:

Short answer: "Yes, this is possible".

if you like to execute a non-X application then just use the following command:

sudo -u abc command

If you like to run some X application as another user but with your own desktop first you need to create a helper script, that will make your life simpler

  • create a bin folder under your home directory:

mkdir -p ~/bin

and using your favorite text editor create a file ~/bin/xsudo as follows:

#!/bin/bash
# (C) serge 2012
# The script is licensed to all users of StackExchange family free of charge
# Fixes/Enhancements to the script are greatly appreciated. 
# 
# SUDO_ASKPASS has to be set to the path of ssh-askpass
# fix the following two lines if your distribution does not match this autodetection
. /etc/profile.d/gnome-ssh-askpass.sh
export SUDO_ASKPASS="${SSH_ASKPASS}"

SUDOUSERNAME="$1"
shift
xauth nlist "${DISPLAY}"|sudo -HA -u $SUDOUSERNAME env --unset=XAUTHORITY \
bash -c "xauth nmerge - ; $*"

then make it executable:

chmod +x ~/bin/xsudo

and use it the same way as sudo but without any switches:

xsudo user application

Enjoy.

P.S. Starting xsession from the root account is strongly discouraged!

Solution 3:

There is a way to run chromium when logged in to the root user. If you open it normally, it will give you an error like "chromium cannot be run as root."

To run it without the error, right click your desktop, create a new launcher with the command: chromium-browser --user-data-dir. You can name it what you want, save it, when you open it, it will give you the chromium browser. (Works in Ubuntu 10.04.4 LTS)

Solution 4:

#! /bin/bash
#  (GPL3+) Alberto Salvia Novella (es20490446e)


execute () {
    function="${1}"
    command="${2}"
    error=$(eval "${command}" 2>&1 >"/dev/null")

    if [ ${?} -ne 0 ]; then
        echo "${function}: $error"
        exit 1
    fi
}


executeAsNonAdmin () {
    function="${1}"
    command="${2}"

    eval setPasswordAsker="SUDO_ASKPASS=/usr/libexec/openssh/ssh-askpass"
    run="runuser ${SUDO_USER} --session-command=\"${setPasswordAsker}\" --command=\"${command}\""
    execute "${function}" "${run}"
}


executeAsNonAdmin "" "${@}"

Related

Windows Mouse Acceleration Curve: SmoothMouseXCurve and SmoothMouseYCurve
How often should I dust the inside of my computer?
Windows Remote Desktop Connection for just a single window (or a single program)
Counting occurrences in first column of a file
Run a batch command for every file in a directory
Should I put my page file on its own partition?
How to move wireless connection to other network namespace?
Processors cache L1, L2 and L3 are all made of SRAM?
Save certificate to use with lftp
How to run 32-bit app in recent Ubuntu 64-bit
Unicode Characters in Ubuntu Server
How do I use xdg-open from xdg-utils on Mac OSX?