Can you switch your terminal user as any user defined in /etc/passwd?

Tags:

Answer: 1

1 hours ago

Context

This is very newbie question but I dont fully grasp unix users yet.

If I cat /etc/passwd there are different users:

me:x:1000:1000:me,,,:/home/me:/bin/bash
systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
sddm:x:127:134:Simple Desktop Display Manager:/var/lib/sddm:/bin/false
mongodb:x:128:65534::/home/mongodb:/usr/sbin/nologin
sshd:x:129:65534::/run/sshd:/usr/sbin/nologin
tftp:x:130:138:tftp daemon,,,:/srv/tftp:/usr/sbin/nologin
_rpc:x:131:65534::/run/rpcbind:/usr/sbin/nologin

most of them are no login users (so we would say you can't log in unless it is a /bash user), but if I try this command:

su - mongodb

it prompts me for a password. Problem is I don't know the password in this case.

Question

  • but does this mean I could switch to this user in the terminal and maybe run the process as systemd-service would do?
  • so we would say you can't log in unless it is a /bash user?
Added by: Dr. Geovanni Metz

Answer: 2

18 hours ago

short answer:

  • yes
  • yes

If you are the super user (id=0) or commonly known as root, you cannot login in to it if shell is set to /usr/sbin/nologin or /usr/bin/false

as per the manpage description of nologin:

   **DESCRIPTION**
   nologin displays a message that an account is not available and
   exits non-zero. It is intended as a replacement shell field to
   deny login access to an account.

   If the file /etc/nologin.txt exists, nologin displays its
   contents to the user instead of the default message.

   The exit status returned by nologin is always 1.

but (always if you are root or can sudo commands) you can execute a bash as per one user which is noloign user, to impersonate him for troubleshooting

sudo:

sudo -u mongodb /bin/bash 

root:

su -s /bin/bash mongodb

Those above command does not execute a login, but just execute a bash with the user permission, in this case as mongodb user.

NOTE: normally thos user are passwordless, that mean even the su - process ask you for a password that will never match with nothing also empty password.

Added by: Kaci Quitzon

Popular Search

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9