Fedora Linux Support Community & Resources Center
  #1  
Old 29th May 2009, 04:37 PM
DeckMechanic Offline
Registered User
 
Join Date: Nov 2007
Posts: 11
su command without password

Hello guys. A quick one I hope

Is it possible to su - to another user without having to put in the password everytime?

I want this.............................................
[bob@mypc ~]$ su - sandy
Password:
[sandy@mypc ~]$

to become this.....................
[bob@mypc ~]$ su - sandy
[sandy@mypc ~]$

Many thanks

Sandy
Reply With Quote
  #2  
Old 29th May 2009, 04:40 PM
brunson Offline
Registered User
 
Join Date: Jun 2005
Location: Westminster, Colorado
Posts: 2,306
You can do that with sudo, read the man page, there are examples at the bottom. The default behavior for sudo is to make you type the password once, then allow you to keep using sudo without a password until some period of time passes. In other words your authorization gets cached, then expires after disuse.

You could also write a small C program that you chown to the user you're interested in, then set the suid bit on it, that will allow you to assume the identity of whoever.

Note: THIS IS EXTREMELY INSECURE, but you know your environment better than any of us here.

For example, put this in a file called dosu.c:
Code:
#include <sys/types.h>
#include <unistd.h>

int main( int argc, char *argv[] ) 
{
  if ( argc > 1 ) {
      setuid( 0 );
      execvp( argv[1], argv + 1 );
  }
  return( 1 );
}
Code:
ebrunsonlx(~)$ make dosu
cc     dosu.c   -o dosu
ebrunsonlx(~)$ id
uid=500(ebrunson) gid=500(ebrunson) groups=500(ebrunson),802(mysql)
ebrunsonlx(~)$ ./dosu id
uid=500(ebrunson) gid=500(ebrunson) groups=500(ebrunson),802(mysql)
ebrunsonlx(~)$ sudo chown root.root dosu
[sudo] password for ebrunson: 
ebrunsonlx(~)$ sudo chmod u+s dosu
ebrunsonlx(~)$ ls -l dosu
-rwsrwxr-x 1 root root 4978 2009-05-29 10:00 dosu*
ebrunsonlx(~)$ ./dosu id
uid=0(root) gid=500(ebrunson) groups=500(ebrunson),802(mysql)
ebrunsonlx(~)$ sudo su - root
[root@ebrunsonlx ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
[root@ebrunsonlx ~]# logout
ebrunsonlx(~)$ sudo su - mysql
-bash-3.2$ id
uid=27(mysql) gid=27(mysql) groups=27(mysql)
__________________
Registered Linux User #4837
411th in line to get sued by Micro$oft
Quote:
Basically, to learn Unix you learn to understand and apply a small set of key ideas and achieve expertise by expanding both the set of ideas and your ability to apply them - Paul Murphy

Last edited by brunson; 29th May 2009 at 05:11 PM.
Reply With Quote
  #3  
Old 29th May 2009, 05:29 PM
jteb Offline
Registered User
 
Join Date: Feb 2009
Location: Krommenie, Netherlands
Posts: 10
You could (although I wouldn't recommend it) put another rule in your /etc/sudoers file, partly like brunson already said.

<code>
bob ALL=(ALL) NOPASSWD: ALL
</code>

Then you can just do
# sudo su sandy


It would give user bob permissions to use sudo w/o a password anytime

Cheers,
Jan
Reply With Quote
  #4  
Old 26th April 2012, 12:53 PM
Super Jamie
Guest
 
Posts: n/a
linuxfirefox
Re: su command without password

This still turns up in Google Results so I'm resurrecting the thread and providing a good answer.

In the file /etc/pam.d/su put this as the second line:
Code:
auth            sufficient      pam_permit.so
This is incredibly insecure as it lets literally anyone at all with a login become root.

To restrict this just to your username, use this line instead, replace the "yourusername" with your actual username:
Code:
auth            sufficient      pam_succeed_if.so use_uid user = yourusername
You can also restrict this to a group, here the group "allowedpeople" can su without a password:
Code:
auth            sufficient      pam_succeed_if.so use_uid user ingroup allowedpeople
You can now type su - to become root (or any user really) without a password prompt.
Reply With Quote
  #5  
Old 26th April 2012, 02:35 PM
William Haller Offline
Registered User
 
Join Date: Jul 2005
Age: 53
Posts: 1,079
linuxchrome
Re: su command without password

It's also easy to just bring up a root konsole shell with kdesu and restrict the operations you do in that to safe non-internet connected things. From there you can su sandy - and become that user without a password once you've authenticated as root once. I presume you have a valid system reason for wanting to become the other user that won't get you fired. In my case I run some software like accounting packages out of another user and it is just easier to use that approach to become the accounting user without doing an entire switch-user.

It is still dangerous to run as root and for that reason I recommend the specific konsole approach. You can do all your system maintenance using it from a normal user login and let the normal user login handle all the e-mail, browsing, and other functions that are exposed to the real world.

Clearly, if your need is occasional, then you should sudo instead. But if you are a network admin who needs to check logs and the like a lot or run routine yum updates, then this is a safer alternative than just logging on as root.
Reply With Quote
  #6  
Old 26th April 2012, 02:42 PM
Super Jamie
Guest
 
Posts: n/a
linuxfirefox
Re: su command without password

Actually I'm just lazy, I'm tired of entering the password every time I type su -.

This is just on my desktop at home and on a private server I run. The server is ssh-only so using graphical sudo/beesu/kdesu/etc isn't an option.

It would be foolish, and probably in breach of any decent employment contract, to make this sort of change on a business production system. Probably just as silly as using Fedora as a business production server.
Reply With Quote
  #7  
Old 27th April 2012, 02:26 AM
axel2078 Offline
Registered User
 
Join Date: Jun 2010
Location: Fairview Heights, IL
Posts: 74
linuxchrome
Re: su command without password

As someone has already mentioned, the simplest way to do this would be to add your name to the sudoers file with the option to not supply a password.
Reply With Quote
  #8  
Old 27th April 2012, 11:36 AM
Super Jamie
Guest
 
Posts: n/a
linuxfirefox
Re: su command without password

Then you still have to type sudo. I don't want to do that.
Reply With Quote
  #9  
Old 27th April 2012, 01:39 PM
axel2078 Offline
Registered User
 
Join Date: Jun 2010
Location: Fairview Heights, IL
Posts: 74
Wow, you are lazy. You may as well log in as root and do everything that way. Since you are so lazy, go ahead and make root's password blank while you're at it so you don't have to trouble yourself to type anything to log in.
Reply With Quote
Reply

Tags
command, pam, password, root

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
System/Administration Menu not prompting for password, then saying wrong password soylentman Using Fedora 7 13th September 2009 12:29 AM
How stop request for password to password manager whenever logs in to wifi? 6tr6tr Using Fedora 7 27th June 2009 05:46 PM
Superuser command, password won't work Crazycrak Security and Privacy 2 23rd May 2008 09:10 AM
How can local users execute command on remote machine without password? youhaodeyi Servers & Networking 4 5th December 2007 02:24 PM
Root Password in Terminal COMMAND NOT FOUND Marukuwato Using Fedora 12 12th July 2005 05:19 PM


Current GMT-time: 00:58 (Wednesday, 30-07-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat