I log on to my server as userA, this user has a bash shell, everything works fine with it.
Then, for the purposes of a program, I've had to do sudo adduser --system --home=/home/userB --group userB; this user is apparently passwordless, judging by the contents of /etc/passwd and /etc/shadow:
    $ grep userB /etc/passwd
    userB:x:Z08:WW9::/home/userB:/bin/false
    $ sudo grep userB /etc/shadow
    userB:*:16XXX:0:YYYYY:7:::

Also, there is no /home/userB/.profile, nor any /home/userB/.bash* files in the userB home directory.
Now, while I'm logged in as userA, I'd like to run commands as userB, in particular inspect the $PATH that userB sees. So I've tried to edit via EDITOR=/usr/bin/nano sudo visudo, and add either of the userA lines:
    ...
    # User privilege specification
    root ALL=(ALL:ALL) ALL
    #userA ALL=(userB) NOPASSWD: /bin/bash
    userA ALL = (userB) NOPASSWD: ALL
    ...

... then save the file, logout from remote shell, re-login back as userA. Then I try running:
    $ sudo -iu userB; echo $?
    1
    $ sudo -S -u userB -i /bin/bash -l -c 'echo $HOME'; echo $?
    1
    $ sudo -i -u userB echo \$HOME; echo $?
    1

... and clearly, nothing works - and there is no error either. Then I thought I'd strace one of these commands, and indeed I got an error:
    $ strace sudo -iu userB
    ...
    write(2, "sudo: effective uid is not 0, is"..., 140sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
    ) = 140
    exit_group(1) = ?
    +++ exited with 1 +++

However, nosuid is not a problem on this root partition, I guess:
    $ mount | grep '/ '
    /dev/sdaX on / type ext4 (rw,errors=remount-ro)

So now I really have no idea what to do. Is it possible at all to have userA in this case run commands (e.g. print the $HOME environment variable) as userB - and if so, how can I get it to work?
* in the password field in /etc/shadow means "no login", rather than "no password".
strace setuid programs; the setuid flag is ignored if you try.
passwd userB.
/bin/bash? Currently it is set to /bin/false.
* is good, here.
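The two points raised in the comments (what `*` in the shadow password field means, and the /bin/false login shell) can be checked mechanically. The script below is an added example, not part of the original thread: the sample records are constructed from the question's output with made-up numeric fields, the function names are hypothetical, and the suggested command assumes the `userA ALL = (userB) NOPASSWD: ALL` rule from the question is in place.

```shell
#!/bin/sh
# Constructed sample records modelled on the question; the numeric fields are made up.
PASSWD_LINE='userB:x:998:998::/home/userB:/bin/false'
SHADOW_LINE='userB:*:16000:0:99999:7:::'

# Print field $2 of the colon-separated record $1.
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# Interpret the password field (2nd) of an /etc/shadow record.
shadow_state() {
    case "$(field "$1" 2)" in
        '')         echo 'empty' ;;   # no password needed to authenticate
        '*'*|'!'*)  echo 'locked' ;;  # no hash can match: password login disabled
        *)          echo 'hashed' ;;  # a password hash is set
    esac
}

# Interpret the login shell field (7th) of an /etc/passwd record.
shell_state() {
    case "$(field "$1" 7)" in
        '')                 echo 'default' ;;  # passwd(5): empty means /bin/sh
        */false|*/nologin)  echo 'refuses' ;;  # exits non-zero at once
        *)                  echo 'usable' ;;
    esac
}

# Summarise what "sudo -i -u <user>" will do for the given records.
diagnose() {
    user=$(field "$1" 1)
    echo "$user: password field $(shadow_state "$2"), login shell $(shell_state "$1")"
    if [ "$(shell_state "$1")" = refuses ]; then
        # sudo -i runs the target user's login shell from the passwd record.
        echo "sudo -i -u $user starts $(field "$1" 7) as the login shell, so it just returns non-zero"
        # Without -i, sudo runs the named command directly; -H sets HOME to the target's home.
        echo "try instead: sudo -H -u $user /bin/bash -c 'echo \$HOME; echo \$PATH'"
    fi
}

diagnose "$PASSWD_LINE" "$SHADOW_LINE"
```

On a real host, feed it the output of `getent passwd userB` and `sudo getent shadow userB` instead of the constructed records.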