Switching (SU) to another User Account Without Password: A Complete Guide

Switching (SU) to another User Account Without Password: A Complete Guide

When making a switch from one user account to another in Linux, you need to provide a password for authentication purposes. By default, only the superuser could do it, while the rest of the users would have to provide the password. But what if you could skip inputting the password and make things faster? That’s quite possible using the su command.

There are two ways to get it done. They are explained in the subsequent section in greater detail.

PAM Authentication Module

PAM or Pluggable Authentication Module is one way of getting around the password step. The module sits at the core of user authentication in Linux OS. To allow certain users to switch to other user accounts, you can modify the default settings in the /etc/pam.d/su file.

So go into that file using this command:

Code:
# vim /etc/pam.d/su
OR

Code:
$ sudo vim /etc/pam.d/su
Next, you need to add the following code after auth sufficient pam_rootok.so:

auth [success=ignore default=1] pam_succeed_if.so user = postgres auth sufficient pam_succeed_if.so use_uid user ingroup postgres

The first line of code checks if the user is postgres. If not, it will check the current user. Otherwise, the service will skip the default=1 line and go on to execute the usual authetication steps.

The second line checks if the current user is in the postgres group. If that’s the case, the authentication process is deemed successful. Or else, the service proceeds with normal authetication steps.

Once you’ve added the codes successfully, save and close the file.

The next thing you need to do is add an user that you intend to su to the account postgres without passwords. You’ have to use the usermod command like this:

Code:
$sudo usermod -aG postgres user2
Now, try to su to the postgres account as user ‘user2’ - $ su - postgres

If you’ve followed the steps properly, you shouldn’t be prompted to provide password.

Using Sudoers File

The second way to get past the password step is to make changes to the sudoers file. This file controls which users can run what commands. In other words, it checks for privileges. The sudoers file is composed of aliases.

To invoke sudo command, the user who will switch to another user account needs to be in the sudoers file or in the sudo group. Execute this command first to edit the sudoers file:

Code:
$ sudo visudo
Code:
Next, you need to add the below configuration under the “%sudo ALL=(ALL:ALL) ALL” line:

Code:
User2 ALL=NOPASSWD: /bin/su – postgres
Save the file and exit.

If you try to su to the postgres account, you would not see the password prompt message. Go ahead and execute this:

Code:
$ sudo su - postgres
So that’s how you can switch to another user account without password. If problem persists contact the support team.
Author
kumkumsharma
Views
4,063
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from kumkumsharma

Top