27 C
Jaipur
Sunday, October 25, 2020

How to Switch (su) to Another User Account without Password

Must read

Packers vs Texans live stream: how to watch NFL week 7 online from anywhere

The Green Bay Packers roll into week 7 with an impressive 4-1 record and all signs point to that becoming 5-1 after today's game...

Steelers vs Titans live stream: how to watch NFL week 7 online from anywhere

Two of the NFL’s three remaining undefeated teams do battle at Heinz Field today in the pick of week 7's games. After a three-week...

YouTube TV Channels In 2020: Cost & Features Explained

When it comes to cord-cutting due to the constant leaps in the cable bill, the first thing that comes to our minds is Netflix...

This 70-inch 4K TV is on sale for $499.99 in early Black Friday deal at Best Buy

Best Buy is releasing early Black Friday deals this year, and we've spotted a stellar bargain on a big-screen 4K TV. Today only, you...

In this guide, we will show how to switch to another or a specific user account without requiring a password. For example, we have a user account called postgres (the default PostgreSQL superuser system account), we want every user (typically our PostgreSQL database and system administrators) in the group called postgres to switch to the postgres account using the su command without entering a password.

By default, only the root user can switch to another user account without entering a password. Any other user will be prompted to enter the password of the user account they are switching to (or if they are using the sudo command, they will be prompted to enter their password), if they don’t provide the correct password, they get an “authentication failed” error as shown in the following screenshot.

User Authentication Failure Error

You can use any of the two solutions provided below to solve the above issue.

1. Using PAM Authentication Module

PAM (Pluggable authentication modules) are at the core of user authentication on modern Linux operating systems. To allow users in a specific group to switch to another user account without a password, we can modify the default PAM settings for the su command in the /etc/pam.d/su file.

# vim /etc/pam.d/su
OR
$ sudo vim /etc/pam.d/su

Add the following configurations after “auth sufficient pam_rootok.so” as shown in the following screenshot.

auth       [success=ignore default=1] pam_succeed_if.so user = postgres
auth       sufficient   pam_succeed_if.so use_uid user ingroup postgres

In the above configuration, the first line checks if the target user is postgres, if it is, the service checks the current user, otherwise, the default=1 line is skipped and the normal authentication steps are executed.

auth       [success=ignore default=1] pam_succeed_if.so user = postgres

The line that follows checks if the current user is in the group postgres, if yes, the authentication process is considered successful and returns sufficient as a result. Otherwise, the normal authentication steps are executed.

auth       sufficient   pam_succeed_if.so use_uid user ingroup postgres
Configure PAM to Allow Running Su Command without Password
Configure PAM to Allow Running Su Command without Password

Save the file and close it.

Next, add the user (for example aaronk) that you want to su to the account postgres without a password to the group postgres using usermod command.

$sudo usermod -aG postgres aaronk

Now try to su to the postgres account as the user aaronk, you should not be prompted for a password as shown in the following screenshot:

$ su - postgres
Add User to Group
Add User to Group

2. Using Sudoers File

You can also su to another user without requiring a password by making some changes in the sudoers file. In this case, the user (for example aaronk) who will switch to another user account (for example postgres) should be in the sudoers file or in the sudo group to be able to invoke the sudo command.

$ sudo visudo

Then add the following configuration below the line “%sudo ALL=(ALL:ALL) ALL” as shown in the following screenshot.

aaronk ALL=NOPASSWD: /bin/su – postgres
Add User to Sudoers File
Add User to Sudoers File

Save and close the file.

Now try to su to the account postgres as the user aaronk, the shell should not prompt you to enter a password:

$ sudo su - postgres
Switch to Other User Without Password
Switch to Other User Without Password

That’s all for now! For more information, see the PAM manual entry page (man pam.conf) and that of sudo command as well (man sudo).

$ man pam.conf
$ man sudo

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Packers vs Texans live stream: how to watch NFL week 7 online from anywhere

The Green Bay Packers roll into week 7 with an impressive 4-1 record and all signs point to that becoming 5-1 after today's game...

Steelers vs Titans live stream: how to watch NFL week 7 online from anywhere

Two of the NFL’s three remaining undefeated teams do battle at Heinz Field today in the pick of week 7's games. After a three-week...

YouTube TV Channels In 2020: Cost & Features Explained

When it comes to cord-cutting due to the constant leaps in the cable bill, the first thing that comes to our minds is Netflix...

This 70-inch 4K TV is on sale for $499.99 in early Black Friday deal at Best Buy

Best Buy is releasing early Black Friday deals this year, and we've spotted a stellar bargain on a big-screen 4K TV. Today only, you...

This Electric Car Is Made From Plastic Waste and Natural Fibers

Although humans have evolved to be the most intelligent species in the world, we still haven’t figured out how to restore our continuously-degrading natural...