Generally, when we try to switch users in Linux, it will prompt you to enter password for that user. Only on successful authentication, you are allowed to switch user. However, sometimes you may need your users to be able to switch to a particular user without password in Linux. In this article, we will look at how to switch user without password in Linux.
How to Switch User without Password in Linux
For our example, we have user account data_users and we want every user in group data_users to be able to switch to user account data_users using su, without password.
By default, only root user can switch accounts without using password. Other users need to enter password to be able to switch user accounts.
There are two ways to solve this problem.
1. Using PAM Authentication Module
PAM (Pluggable Authentication Module) allows users in one group to switch accounts without using password. We will modify the default settings for su command by opening its configuration file.
# vim /etc/pam.d/su OR $ sudo vim /etc/pam.d/su
Add the following lines after “auth sufficient pam_rotook.so”
auth [success=ignore default=1] pam_succeed_if.so user = data_user auth sufficient pam_succeed_if.so use_uid user ingroup data_user
In the above lines, the first line checks if target user is data_user. If so, then the service proceeds with next line. Otherwise, it carries out default authentication. Next line checks if the user belongs to data_user group. If so, it will switch user without password, else carry out default authentication.
Save and close the file.
Next, add another user test_user to data_user group
$ sudo usermod -aG data_user test_user
Now, login as test_user into Linux, and then run the following command from terminal.
$ sudo - data_user
You will be automatically switched without being prompted for password.
2. Using Sudoers File
You can also accomplish this result by modifying sudoers file. Basically, the user that you want to be able to switch to your target account, needs to be present in sudoers file or in the sudo group. You can do so by using visudo command.
$ sudo visudo
Add the following line below “%sudo ALL=(ALL:ALL) ALL” line. This is to allow test_user to switch to data_user without password.
test_user ALL=NOPASSWD: /bin/su – data_user
Save and close the file. As before, login using test_user account and issue the following command to switch to data_user without password.
$ sudo su - data_user
That’s it. In this article, we have learnt two different ways to enable users to switch accounts without passwords. Although it makes things easy to switch accounts without password, you should be very careful not to create a security breach while doing so. It is always advisable to leave the password prompt as-is for switching accounts.
How to Find Most Frequent IP Addresses on Apache Server
How to Zip Files & Folders in Linux
What are the Different Shells Available in Linux
How to Fix Permission Denied Error in Shell Script
How to Get Filename From Path in Shell Script