Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Execute commands as another user' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Execute commands as another user
Authored by: zeb on Feb 20, '03 05:20:39PM

Pardon my ignorance as I am very new to all this, but is there a way to change a user like this, and then perform tasks as that user in the Finder? (without loggin out) Or does this switch mentioned in this hint only apply for the Terminal session and to commands entered within the Terminal?

Let's say, for instance, I wanted to make a slight change in a file within the System Library, but can't unless I'm root (or I change the permissions for said file)... Can I enter a command in the Terminal to change my UID so I can go and make the change as "root", then enter another command to switch back to my UID?



[ Reply to This | # ]
Execute commands as another user
Authored by: pmccann on Feb 20, '03 09:25:49PM

Nope: you'll be root in the terminal if you execute a command such as

sudo -s

(this will be indicated with the "#" prompt), but changing your terminal identity this way doesn't affect the GUI: the critical windowing processes that are doing all the heavy lifting were started by the user who logged in via the GUI, and that's not going to change without a logout (or a change in the way that apple implements this stuff so that there can be multiple, swappable sessions on the go at the same time, with only one "visible").

Cheers,
Paul



[ Reply to This | # ]
Execute commands as another user
Authored by: schnarr on Feb 21, '03 12:32:31PM

I've used sudo and su a lot, and there are reasons for using one or the other.

By what you're saying, you want to edit a file you don't own, which you can do by using 'sudo command', where command is the command you want to do (with any required parameters).
Say I want to edit /etc/passwd (for some reason)
I would type
sudo vim /etc/passwd
[my normal password]
This file is opened for editing as root, but when I save it and exit, I'm back to being my normal user.
Additional sudo commands done within the next 5 minutes don't need a password (and the timer resets with each call, so if you edit a bunch of files within 5 minutes of each other you can potentially chain hours or days together), so as long as you keep doing sudos, you won't need to authenticate yourself each time. The 5 minute limit is to ensure you don't walk away from your keyboard and give someone else temporary root.

I almost never use sudo -s, unless I need to do a ton of actions as root (debugging an install, for instance). With sudo -s you're leaving a door open in your system. For the most part, it's not that dangerous if you're just doing it at home, but you never know when the feds are going to wiretap your home for all those napster downloads...

A few notes about 'su':
using su instead of sudo makes your effective user ID=root (euid) as well as your uid. This has implications if you're running programs that have the sticky bit set that do a setuid or setgid - er, in English, that's programs that run as a different user than the owner of them and the program itself runs some part of itself as a different user. The ONLY place I've ever used anything like this is in a Web perl-CGI that needed to be executed with root priveleges, but run as a specific user (specifically because I was remote logging into machines where I didn't have a root password).

using 'su' without the '-' uses the current user's shell and environment variables. This is handy if you want to figure out problems with another user's shell variables. I've used this FAR too much (usually because of slow logins due to stale remote mounts or someone putting Xwindows display settings in their .cshrc).

The su I'm describing above is always 'su username' though - you really never need 'su -' unless you need your effective user ID set.



[ Reply to This | # ]
Execute GUI commands as another user
Authored by: mj on Feb 21, '03 09:24:03PM

You can actually use GUI programs as root without logging out—it just involves restarting the program you want to use as root. So, on the rare occasion I need to use the Finder as root, I

osascript -e 'tell app "Finder" to quit'
sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder

If you look up the Finder's PID, you could also quit it with

sudo kill -HUP <finder_pid>

but I'm not sure if the Finder will quit cleanly that way. When you're done, you can quit the same way, and start the Finder as yourself as above without the sudo, or by clicking in the Dock.

My slight guesswork explanation as to why this works is that root, having access to everything, has access to your display interlocks (whatever those are), and so can use your display. I imagine that with the appropriate tweaking of groups and permissions that you could set up your computer to allow you to use your display as other users, too.

MJ



[ Reply to This | # ]