Score:7

How can I run a shell as a user that has no shell access?


Maybe I'm not using the right terms so allow me to explain myself using an example. Connecting over SSH as user "centos" and executing cat /etc/passwd in my Centos7 machine I get:

centos:x:1000:1000:Cloud User:/home/centos:/bin/bash
www:x:1001:1001::/home/www:/sbin/nologin

Now, if I try sudo su www - I get: This account is currently not available.

That, according to my limited knowledge, is due to the nologin part. What I want to do is to be able to switch to the www user in the SSH session without (if possible) giving the www user the possibility to access the server directly over SSH, like when the root user tries to SSH and gets an error saying that you are supposed to log in as centos and then change to root if needed.

What will be the steps to achieve the desired behavior?

Related: https://unix.stackexchange.com/q/358740/147970
Peter Cordes
"shell access" kind of implies that user being able to log in directly. Sure, you could block them from SSH specifically, but still allow password logins on a console terminal, serial port, or other place where you could run a getty daemon. So that answers your question title, rather than what you're actually asking (about starting a shell as another user that can't login directly.)
I'll grant deman this, the title of the question is poorly worded compared to what the asker is actually trying to achieve per the text. Fixing.
Score:33

Just run a shell under the user.

sudo -u www bash
Score:17

The su command takes a shell option (-s), so you can specify which shell to use, allowing you to become the user.

sudo su www -s /bin/bash
Score:3

The command syntax you're looking for is sudo -u www -s

This will drop you into a shell as the www user even if they don't have a shell normally.

Score:-5

Yes, you need to alter /etc/passwd - set a valid shell for this user. In order to run commands as this user, sudo -u www might help.

That's 1) not what they asked and 2) even if it were this would be *terrible advice* to give to someone who's clearly unused to unix. Do **NOT** edit `passwd` manually if there is *any* alternative available.
deman_killer
It is the right answer for the title and diag. But detailed question is different. Why not drop question's rate?
deman_killer
It's terrible advice to access service accounts with a secure shell.
If you answered the title without reading the question then you deserve that -1 even more.
deman_killer
Would you kindly?
Additionally: it only answers how to add the shell. You could at least add how to prevent SSH access.
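
An added example, not part of any answer or comment above: a small audit that shows why leaving /sbin/nologin in place and using sudo -u www bash keeps www off SSH, while changing the shell in /etc/passwd does not unless sshd also denies the user. The function names and the temporary files are hypothetical; the passwd lines are constructed from the question, and DenyUsers is matched literally only.

```shell
#!/bin/sh
# Classify whether an account can open an SSH session directly, using only the
# login shell in a passwd(5) file and DenyUsers in an sshd_config(5) file.
# Password locks, AllowUsers, Match blocks and console logins are not checked.

# Print the login shell (7th passwd field) of USER; fail if USER is absent.
login_shell() {      # usage: login_shell USER PASSWD_FILE
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# Succeed if the shell refuses interactive logins (nologin or false).
is_nologin() {
    case "$1" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if USER is named literally on a DenyUsers line.
# Simplification: sshd's wildcard and USER@HOST patterns are not evaluated.
ssh_denied() {       # usage: ssh_denied USER SSHD_CONFIG
    awk -v u="$1" 'tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) if ($i == u) hit = 1 }
                   END { exit !hit }' "$2"
}

ssh_login_status() { # usage: ssh_login_status USER PASSWD_FILE SSHD_CONFIG
    shell=$(login_shell "$1" "$2") || { echo "unknown-user"; return 1; }
    if is_nologin "$shell"; then echo "blocked-by-shell"
    elif ssh_denied "$1" "$3"; then echo "ssh-denied"
    else echo "ssh-login-possible"
    fi
}

# Demo on constructed data: www as in the question, then www after its shell
# has been changed to /bin/bash, with and without a DenyUsers line.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'centos:x:1000:1000:Cloud User:/home/centos:/bin/bash' \
                  'www:x:1001:1001::/home/www:/sbin/nologin' > "$d/passwd"
    printf '%s\n' 'www:x:1001:1001::/home/www:/bin/bash' > "$d/passwd.edited"
    printf 'DenyUsers www\n' > "$d/sshd.deny"
    : > "$d/sshd.empty"
    ssh_login_status www "$d/passwd"        "$d/sshd.empty"   # blocked-by-shell
    ssh_login_status www "$d/passwd.edited" "$d/sshd.empty"   # ssh-login-possible
    ssh_login_status www "$d/passwd.edited" "$d/sshd.deny"    # ssh-denied
    rm -rf "$d"
}
demo
```

Run it against copies of /etc/passwd and /etc/ssh/sshd_config rather than the demo files to see where each service account stands.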