48 
# su -l www-data ./http-app.py This account is currently not available. # su -l www-data -c ./http-app.py This account is currently not available. # su -c ./http-app.py www-data This account is currently not available. # su -lc ./http-app.py www-data This account is currently not available. # getent passwd www-data www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin # getent shadow www-data www-data:*:16842:0:99999:7::: # lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 8.6 (jessie) Release: 8.6 Codename: jessie

What's wrong with my su or www-data? It used to work...

Presumably this is because of the /usr/sbin/nologin, but how then I drop root for this one script, without compromising other services on the system (nologin has been chosen by Debian team for a good reason, I want to believe)?

Improve this question
0

5 Answers 5

Reset to default
71

You are using su which is used to "switch user". Of course it won't work because www-data is a user account which cannot be used to login. You have told it: /usr/sbin/nologin.

Maybe what you want is sudo which is used to "execute a command as another user".

sudo -u www-data ./http-app.py
Improve this answer
1
  • 3
    I always used su for this purpose and it always used to work. sudo is an extra package to install, but you are right, I can use it to achieve what I want. Commented Dec 1, 2016 at 22:38
38

Without debating su vs. sudo you can try adding -s /bin/sh to your command line. (I could not verify this option is available for jessie since the Debian manpages webserver isn't working: https://manpages.debian.org/)

Improve this answer
3
  • 9
    Thanks, it works in Debian 9 su www-data -s /bin/sh to get back to root just type su. Commented Sep 22, 2017 at 3:42
  • 7
    @PJBrunet - "to get back to root" (assuming you su'd from root) you would type "exit". To start a new root shell you would type su. Commented Jan 25, 2018 at 14:19
  • 3
    I had to do sudo su www-data -s /bin/sh (or /bin/bash) Commented Apr 14, 2021 at 15:09
19

If you want not only execute one command, but switch to www-data in order to test some stuff for that user, this worked for me:

sudo -u www-data sh

It's a little bit shorter. Exit the session with [ctrl]+[d] or exit

Improve this answer
1
  • 2
    Tested working too with sudo -u www-data bash. Thanks you. Commented Mar 23, 2020 at 13:37
3

With this kind of problem I have used the option -p :

su -pc ./http-app.py www-data

-p : the environment is preserved. In peculiar it does not try to login with the new account, so you dont get the message: This account is currently not available. .

Improve this answer
1

There is another possibility (works for me with Debian 10):

As root you can edit /etc/passwd. Change the shell for www-data from /usr/sbin/nologin to /bin/bash or whatever you prefer:

www-data:x:33:33:www-data:/var/www:/bin/bash

Don't forget to give www-data a password with

passwd www-data

After that you can login with www-data as a normal user.

Improve this answer
1
  • 2
    This is possible, but not secure. I do not recommend doing this on a production environment. Commented Nov 21, 2021 at 15:39

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.