runuser Command in Linux
The runuser is a Linux command-line tool that allows you to switch to another user account and execute commands with that user's privileges. Unlike su, runuser does not prompt for the target userâs password, making it ideal for automated scripts and tasks where password prompts could be an issue. This command helps maintain security and control by allowing specific command execution under different user contexts.
Table of Contents
Here is a comprehensive guide to the options available with the runuser command −
Syntax of runuser Command
The fundamental syntax for the runuser command is as follows −
runuser [options] -u user command
Where −
- [options] − Optional flags that modify the behavior of runuser.
- -u user − Specifies the username to switch to.
- command − The command you want to execute as the specified user.
runuser Command Options
Let's highlight a few options you can leverage with the Linux runuser command −
| Option | Description |
|---|---|
| -c, --command | Execute a single command as the specified user. |
| -f, --fast | Passes the -f option to the shell, primarily used for csh or tcsh to start faster by skipping certain initialization steps. |
| -g, --group | Specify the primary group for the command execution. |
| -G, --supp-group | Specify additional supplementary groups. |
| -h, --help | Displays the help information for the command. |
| -, -l, --login | Initiates a login shell, creating an environment similar to a full user login session. |
| -m, -p, --preserve-environment | Prevents the resetting of environment variables, allowing the current environment variables to be preserved when switching users. |
| -P, --pty | Creates a new pseudo-terminal, which can be useful for commands requiring terminal features. |
| -s, --shell | Use the specified shell instead of the default. |
| -u, --user | Specify the target user to switch to. |
| -V, --version | Outputs the version information of the command. |
| -w, --whitelist-environment <list> | Ensures that specific environment variables are not reset. |
Examples of runuser Command in Linux
Let's take a closer look at several practical applications of the runuser command on Linux −
- Listing the Home Directory of Another User
- Printing Environment Variables While Preserving Them
- Whitelisting Specific Environment Variables
- Listing a Project Directory with a Specified Primary Group
- Verifying Group Memberships with Supplementary Groups
- Initiating a Login Shell for Another User
- Running a Command with a Specific Shell
- Running a Command in the Current Session Context
Listing the Home Directory of Another User
To list the contents of another user's home directory, you can use the command runuser to switch to that user and execute the ls command. For example −
runuser - linux -c 'ls /home/linux'
This command changes the user context to linux and lists their home directory's contents, ensuring you can view their files securely.
Printing Environment Variables While Preserving Them
If you need to print the current environment variables while preserving them, runuser allows you to do this without switching users −
runuser --preserve-environment -c 'printenv'
This command runs printenv, ensuring all current environment variables are retained and displayed.
Whitelisting Specific Environment Variables
In cases where you need to keep certain environment variables unchanged while running a command as another user, you can use −
runuser - linux --whitelist-environment PATH,HOME -c 'env'
This ensures that the PATH and HOME environment variables remain unchanged for linux, maintaining critical paths and home directory settings.
Listing a Project Directory with a Specified Primary Group
When you need to list the contents of a project directory with a specific primary group, you can do so with −
runuser -g linux -c 'ls /home'
This command lists the contents of /home with linux as the primary group, ensuring the correct group permissions are applied.
Verifying Group Memberships with Supplementary Groups
To include supplementary groups and verify group memberships, the runuser command provides a straightforward solution −
runuser -G group1 -c 'id'
This command includes group1 as supplementary groups, displaying all group memberships.
Initiating a Login Shell for Another User
If you need to initiate a login shell for another user, the runuser can be utilized without specifying a user switch −
runuser --login otheruser
This command initiates a login shell for otheruser, setting up an environment similar to a normal login session.
Running a Command with a Specific Shell
To run a command using a specific shell, the runuser allows you to specify the shell without switching users −
runuser -s /bin/bash linux -c 'echo $SHELL'
This command runs the command with /bin/bash as the shell for linux, ensuring the correct shell environment.
Running a Command in the Current Session Context
For executing a command while maintaining the existing session context, you can use −
runuser --session-command='uptime' linux
This command runs uptime under linux, preserving the current session's environment without creating a new session.
Conclusion
The runuser command is an essential tool for system administrators, providing a secure and efficient way to execute commands under different user identities without requiring password prompts. This is particularly beneficial for automated scripts, cron jobs, and administrative tasks.
Understanding and utilizing the various options of runuser enables administrators to maintain security, streamline operations, and ensure commands execute with the appropriate permissions and environments.