ABC is an account which has sugroups=su2DEF and root is not part of su2DEF group.
Your question has already been answered by the others, but I'd like to comment on your scenario: root doesn't have to be in this group because for practical purposes root is per definition in every group there is: root can read/write any file or directory regardless of being in that particular group or not, because the normal group rights won't apply to root (to be precise: the user with UID=0).
What I want to say is: do you really need to switch away from root, given this information?
You might want to do it because the user you switch to is an application user with a very specific environment (databases often have such users) which root lacks. You also might want to do it because the process you start as this user creates some file(s) and you want these files owned by the user, not by root.
Therefore, you still might have a good reason to "su" away from root, but you might want to reestimate the need to do so in light of the above information.
BTW: you can su to another user for a single command with the "-c" switch. For instance:
Is it possible to switch user from a non-root user to root user without entering the password interactively inside a korn shell script which is run by a non-root user?
e.g. I have a non-root user called infodba who is in dba group and I want to create a shell script which is executed by infodba... (5 Replies)
Hi
I have written a script to switch user and do some operations. I used expect command it doesn't work. It switches the user and waits for the Password to be entered manually. Also, I tried to fetch the password from passwd file, it didn't work. The script is as below:
... (4 Replies)
Hi,
I have to switch to a different user and execute certain commands and then come back to the original user
Ex: My id is 'usstage'. I need to switch to 'apstage', source a script there, execute a function and then get back again to usstage.
Please note that I do not have expect installed... (4 Replies)
Hi Experts,
I'm trying to write a shell script to stop few things where I have to use another user to execute a command. Otherwise it will not work.
Your help is really appreciated
Thanks, (16 Replies)
I want to switch as another user without using password. Is it possible? I have one server B and I have logged in as username u1 but I want to login to that same server using username as u2 but I don't want to give the password for u2. (3 Replies)
Hi Gurus,
I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when I switch user to root it requires me to input root password.
It seems that I need to use expect module here, but I don't know how to create the object for this.
... (1 Reply)
Usually in solaris/Linux servers , when you do an su - username (space before and after the hyphen) the user's .profile should get sourced. But in the below linux machine it is not. As you see below ORACLE_HOME variable is not being set.
# uname -a
Linux revaltb214 2.6.18-238.el5 #1 SMP Sun... (7 Replies)
Hello All,
Here I am trying to login a Linux machine as admin user from a Solaris box..
& then switch to root user..
Code I use:
ssh admin@<IP> << END
su - root << A
echo "Hello I am logged in as root"
exit
A
exit
END
But the error I get..
su: must be run from a... (3 Replies)
Hi,
I need to switch from local user to root user in a shell script.
I need to make it automated so that it doesn't prompt for the root password.
I heard the su command will do that work but it prompts for the password.
And also can someone tell me whether su command spawns a new shell or... (1 Reply)
HI
In a server we can't login with root user directly but I can login with different user and then I can switch to root user by su command
Requirement
Is there any way where I can write a script without mentioning password in file as mentioning the root password is not the... (3 Replies)
Discussion started by: scriptor
pam_wheel
PAM_WHEEL(8) Linux-PAM Manual PAM_WHEEL(8)
NAME
pam_wheel - Only permit root access to members of group wheel
SYNOPSIS
pam_wheel.so [debug] [deny] [group=name] [root_only] [trust]
DESCRIPTION
The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant
user is a member of the wheel group. If no group with this name exists, the module uses the group with the group-ID 0.
OPTIONS
debug
Print debug information.
deny
Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of
the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in
which case we return PAM_SUCCESS).
group=name
Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.
root_only
The check for wheel membership is done only.
trust
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus, with a little play
in stacking the modules, wheel members may be able to su to root without being prompted for a password).
MODULE TYPES PROVIDED
The auth and account module types are provided.
RETURN VALUES
PAM_AUTH_ERR
Authentication failure.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
The return value should be ignored by PAM dispatch.
PAM_PERM_DENIED
Permission denied.
PAM_SERVICE_ERR
Cannot determine the user name.
PAM_SUCCESS
Success.
PAM_USER_UNKNOWN
User not known.
EXAMPLES
The root account gains access by default (rootok); only wheel members can become root (wheel), and non-root applicants are still authenticated by pam_unix.
su auth sufficient pam_rootok.so
su auth required pam_wheel.so
su auth required pam_unix.so
SEE ALSO
pam.conf(5), pam.d(5), pam(7)
AUTHOR
pam_wheel was written by Cristian Gafton <gafton@redhat.com>.
Linux-PAM Manual 05/31/2011 PAM_WHEEL(8)
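The stacking described under the trust option and in EXAMPLES can be audited mechanically. The following is an added example, not part of the manual page or the forum thread: it parses a su auth stack (in either pam.conf or /etc/pam.d form) and reports whether wheel membership is enforced and which groups can reach root without a password. The sample stacks, the group name `suadmins` and the function names are constructed for illustration; bracketed controls such as `[success=1 ...]` are not evaluated.

```python
PAM_TYPES = {"auth", "account", "password", "session"}

# Constructed sample stacks (not from a real host). STRICT is the manual
# page's own example; TRUSTING uses the "trust" stacking it alludes to.
STRICT = """\
su auth sufficient pam_rootok.so
su auth required   pam_wheel.so
su auth required   pam_unix.so
"""
TRUSTING = """\
# /etc/pam.d/su style: no leading service field
auth sufficient pam_rootok.so
auth sufficient pam_wheel.so trust group=suadmins
auth required   pam_unix.so
"""

def parse_stack(text):
    """Yield (type, control, module, options) for each rule line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0].lstrip("-") not in PAM_TYPES:  # pam.conf: service first
            fields = fields[1:]
        if len(fields) < 3 or fields[1].startswith("["):
            continue  # malformed line or bracketed control: out of scope
        module = fields[2].rsplit("/", 1)[-1]       # drop any directory path
        yield fields[0].lstrip("-"), fields[1], module, fields[3:]

def audit_wheel(text):
    """Return (enforced, passwordless_groups) for the auth stack."""
    enforced, passwordless = False, []
    for mtype, control, module, opts in parse_stack(text):
        if mtype != "auth" or module != "pam_wheel.so" or "deny" in opts:
            continue
        group = next((o[6:] for o in opts if o.startswith("group=")), "wheel")
        if control in ("required", "requisite"):
            enforced = True             # non-members are refused outright
        elif control == "sufficient" and "trust" in opts:
            passwordless.append(group)  # PAM_SUCCESS ends the stack early
    return enforced, passwordless

if __name__ == "__main__":
    for name, stack in (("STRICT", STRICT), ("TRUSTING", TRUSTING)):
        print(name, audit_wheel(stack))
```

A non-empty second element means membership of that group is equivalent to holding the root password, so the group's member list deserves the same review as root access itself.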