LinuxQuestions.org


Akhran 02-04-2006 11:45 PM

Is there a 'Run As' (aka Windows) option in Linux?
 
In Windows, we can choose to run a program as another user different from the login account (right click on the program icon and choose run as).

In Linux, is that possible too? If I have a script that is owned by john, how do I configure the script to auto run upon each bootup with user account 'peter'?

Thanks !

btmiller 02-05-2006 12:07 AM

Use the su command, see "man su" for more details.

Akhran 02-05-2006 12:29 AM

Thanks, that can be invoked once I'm at the command line. How about those scripts that are run at bootup? E.g. /etc/rc2.d/S10myscript will run at sequence number 10 when the system boots into runlevel 2. How do I use the su command to enable 'myscript' to run as another user besides the owner of 'myscript' when entering runlevel 2?

Thanks again :)


Dtsazza 02-05-2006 05:01 AM

If you always want a script to be run as a certain user, you can use the SUID bit... I'm not sure how familiar you are with the concept of permissions in Linux, but this is an advanced part of that.

OK, so each file has a user and a group that owns it, and a set of permissions that say what its owner, people in the owning group, and anyone else can do to it (read, write and/or execute). If you do ls -l on a file, you'll see this information on the left as something like:
Code:

-rwxr-xr-x  1 adoyle users  187 2005-07-06 15:48 pentax

Firstly, note that 'adoyle' owns this file and that it belongs to the group 'users'. The permissions are represented on the left, and you can think of them as three groups of three - 'rwx' for the owner, 'r-x' for the group and 'r-x' for "world". Basically, the owner (adoyle) can read, write and execute (run) this file, while others can only read and execute.

OK, so that's your basic permission to execute. But what if there was some resource that only adoyle had permission to, that the file needed to run? And further, you didn't just want to give access to it willy-nilly except through the script (let's drop the idea of adoyle here and think more about root, and all the privileged things it can do)? You can set a special permission so that anyone executing the file with that permission runs it as the file's owner. If this is done, the file shouldn't be writable by anyone other than the owner (for hopefully obvious reasons).

To set this bit, just issue the command
Code:

chmod +s <filename>

and from that point on anyone executing that file will do so as if they were both the owner and a member of the owning group.



Of course, this is a permanent association with the file itself, and may not be what you wanted. If you're just looking to quickly and temporarily run the file as another user (in a Windows way), I think both KDE and GNOME have a "run as other user" option on their right-click menu (it's been a while since I've used either, so I'm not sure of either the name or the details of where it appears, but it's there. I think KDE's is something like kdesu).

HTH,
Andrzej

Akhran 02-05-2006 07:10 AM

Suppose I have another user 'john' and he is in the 'users' group, how do I get the script 'pentax' to run as 'john' (instead of adoyle) as the system enters the default runlevel (during boot up)?

I guess the manual way would be to log in to the console, stop the script, su as john and restart the script, but that would be a bit tedious if one has to do this each time the system boots up.

PS. Running without a GUI.

Thanks for the help :)


Netizen 02-05-2006 09:23 AM

Quote:

Originally Posted by Akhran
Suppose I have another user 'john' and he is in the 'users' group, how do I get the script 'pentax' to run as 'john' (instead of adoyle) as the system enters the default runlevel (during boot up)?

I'm not an expert by any means, but based on what dtsazza told you: if "john" is the owner of the script "pentax", then just set the suid bit. If "john" isn't the owner, then perhaps you could change the owner of the script "pentax" to "john" and then set the suid bit?

Also, if you just wanted to run the script from the console you could use
Code:

$ su john -c path_to_pentax

Basically, the -c option tells su to run the command and then return to your shell, not "john's" shell.

Akhran 02-05-2006 12:01 PM

Is it the same with daemons too?

Code:

ls -l /sbin/klogd
-rwxr-xr-x 1 root root 22220 2005-09-24 04:08 /sbin/klogd

It is owned by root and the root group, but when I do a 'ps aux', I see the daemon as being run by a user called 'klog'. How was it configured such that the daemon is run by a user other than the owner or by a specific user ('klog' in this case)?

Thanks !



Dtsazza 02-06-2006 10:47 AM

Quote:

Originally Posted by Akhran
How was it configured such that the daemon is run by a user other than the owner or by a specific user ('klog' in this case)?

I had trouble understanding what your question was at first, but after thinking about it, it's very likely that 'klog' is in fact a user. Linux (and some applications when they're installed) create several users in order to fine-tune ownerships and permissions. If you:
Code:

cut -d: -f1 /etc/passwd

you can see all the users on your system. You might be confused as to why you don't see their names at the graphical login screen. This is quite simply because all users have a corresponding number (called the UID), and your login manager is configured by default to ignore all users below a certain UID (500 or 1000 is common), and the kernel generates all these non-human users with low UIDs so they won't appear as 'real' ones.

So once you realise that 'klog' really is a user (even if not a person), you can see from the permissions on that file that everyone has normal execute permissions. Thus any user can run klogd (though I'd imagine the program would fall over halfway through if you did it as your normal logon). In terms of how Linux started it as klog instead of as your user, it's more or less just using 'su' to change users. (I'm not completely sure of the details of this, but I don't think that matters so much).

And FYI if you didn't know, klogd is the Kernel LOG Daemon. :)

haertig 02-06-2006 12:52 PM

Quote:

Originally Posted by Akhran
E.g. /etc/rc2.d/S10myscript will run at sequence number 10 when the system boots into runlevel 2. How do I use the su command to enable 'myscript' to run as another user besides the owner of 'myscript' when entering runlevel 2?

You can do this if you really want to, but consider it bordering on dangerous. See explanation below.

The trick is to have S10myscript be nothing more than a wrapper for a different script. S10myscript will be run as root, and its contents need to be something along the lines of:
Code:

su peter -c /path/to/the/real/script/owned/by/john "$@"

This will run the john-owned script as userid peter.

WARNING! This implies that root trusts john not to screw with peter!

It is not implicitly bad for root to run a script as a different userid. This is done all the time. However, that script should usually be owned by root and not writeable by others unless there is some compelling reason that overrides the security concerns.

WARNING WARNING WARNING! If you ever have root run a script owned and writeable by somebody else, AS USERID ROOT, you've wiped out any semblance of security your system ever had!!!
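
The ownership and write-permission conditions that Dtsazza and haertig describe can be checked mechanically before a root-run wrapper launches anything. The following is an added example, not part of the original thread; the function names are made up for illustration and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat(1).
# perms_ok and safe_to_launch are illustrative names, not standard tools.

# perms_ok PATH UID: succeed only if PATH is owned by UID and is not
# writable by group or others. stat does not follow symlinks here, so a
# symlink (reported as mode 777) is rejected.
perms_ok() {
    meta=$(stat -c '%u %a' -- "$1" 2>/dev/null) || return 1
    owner=${meta% *}
    mode=${meta#* }
    [ "$owner" = "$2" ] || return 1
    # Read the mode as octal: 020 is group-write, 002 is other-write.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# safe_to_launch SCRIPT UID: the script must be a regular file that passes
# perms_ok, and so must its directory, because anyone who can write to the
# directory can replace the script with a different file.
safe_to_launch() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms_ok "$1" "$2" || return 1
    perms_ok "$(dirname -- "$1")" "$2"
}

# Use inside a root-run wrapper such as S10myscript (placeholder path):
#   safe_to_launch /path/to/script 0 || exit 1
#   su peter -c /path/to/script
```

Linux ignores the set-user-ID bit on interpreted scripts, so at boot the change of user comes from the wrapper's su call. Passing UID 0 means the launched script must be root-owned, which is the arrangement haertig recommends.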

mjjzf 02-07-2006 05:06 AM

I still think a group structure with sudo rights would be more sensible. Doing user_alpha work with user_beta is very, very, very, very, very, very bad policy.
You would want to consider creating a system_log_user group or whatever and then giving sudo execute rights of the program, script or daemon to this group.

Akhran 02-10-2006 09:09 PM

Thanks for all the replies, I have learnt much :)


All times are GMT -5.