Use su without the need of a password

in #linux, 5 years ago (edited)

I recently searched for a way to su into a user that is only used for an application, without entering a password. I normally create an application user without any password because nobody should ever be able to log on as that user. If you are not using the root user or sudo to log on, you are required to enter a password even though the user does not have one at all. I found a neat trick which I want to share with you.
We can achieve this using Pluggable Authentication Modules, or PAM for short. We need to edit the corresponding su file, which is located under /etc/pam.d/su, and add the following lines under pam_rootok.so:
auth [success=ignore default=1] pam_succeed_if.so user = user
auth sufficient pam_succeed_if.so use_uid user = adminuser
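If you want to allow a group of users to su into the user defined in the first line, instead of one single user, you can use
auth sufficient pam_succeed_if.so use_uid user ingroup admins
for the second line. In this example the group is called admins, the user who will su into another user is adminuser, and the user that will be su'ed into is user. The first line checks the target account: if it is not user, default=1 skips the following line, so the password-free rule applies only when the target is user.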
The finished file should now look like this:

#
# The PAM configuration file for the Shadow `su' service
#

# This allows root to su without passwords (normal operation)
auth       sufficient pam_rootok.so
auth  [success=ignore default=1] pam_succeed_if.so user = user
auth sufficient pam_succeed_if.so use_uid user ingroup admins
...
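
How the three auth lines interact, as an added example that is not part of the original post: a simplified Python model of the stack that covers only pam_rootok.so and the two pam_succeed_if.so conditions used here. The function names, the sample callers and the group map are assumptions for illustration.

```python
import re

# Constructed sample: the three auth lines from the finished file above.
SU_PAM = """\
auth       sufficient pam_rootok.so
auth  [success=ignore default=1] pam_succeed_if.so user = user
auth sufficient pam_succeed_if.so use_uid user ingroup admins
"""
LINE = re.compile(r"^auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return (control, module, args) for each auth line, skipping comments."""
    rules = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m:
            rules.append((m.group(1), m.group(2), m.group(3).split()))
    return rules

def succeed_if(args, caller, target, groups):
    """Evaluate only the 'user = X' and 'user ingroup G' conditions."""
    # use_uid tests the account running su; otherwise the target account.
    subject = caller if "use_uid" in args else target
    cond = [a for a in args if a != "use_uid"]
    if cond[:2] == ["user", "="]:
        return subject == cond[2]
    if cond[:2] == ["user", "ingroup"]:
        return cond[2] in groups.get(subject, ())
    raise ValueError(f"unsupported condition: {args}")

def passwordless(text, caller, target, groups):
    """True if su is granted before any password module would be reached."""
    skip = 0
    for control, module, args in parse(text):
        if skip:                      # jumped over by an earlier default=N
            skip -= 1
            continue
        if module == "pam_rootok.so":
            ok = caller == "root"
        elif module == "pam_succeed_if.so":
            ok = succeed_if(args, caller, target, groups)
        else:
            return False              # module outside this model
        if control == "sufficient" and ok:
            return True
        if control.startswith("[") and not ok:
            m = re.search(r"default=(\d+)", control)
            skip = int(m.group(1)) if m else 0
    return False
```

With the guard line in place, a member of admins gets in without a password only when the target is user. If the `[success=ignore default=1]` line is left out, the same model grants that member su to any target, including root.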

Really cool, works perfectly in my environment!
