runuser

Run command as a different user

$ runuser [user] [[-c|--command]] '[command]'

$ runuser [user] [[-g|--group]] [group] [[-c|--command]] '[command]'

$ runuser [user] [[-l|--login]]

$ runuser [user] [[-s|--shell]] [/bin/sh]

$ runuser [user] [[-p|--preserve-environment]] [[-c|--command]] '[command]'

runuser [options] -u user [command [argument...]]
runuser [options] -u user -c command

-u, --user user
    The target user's name or UID. This option is mandatory.

-c, --command command
    Execute the specified command string instead of an interactive shell. The command is passed to the shell.

-l, --login
    Start the shell as a login shell. This implies changing to the target user's home directory and cleaning the environment.

-p, --preserve-environment
    Do not reset the environment variables, preserving them from the calling process.

-P, --pty
    Allocate a pseudo-terminal for the session, allowing full terminal control.

-s, --shell shell
    Specify the shell to use instead of the target user's default shell.

-g, --group group
    Specify the primary group for the session.

-G, --supp-group group
    Specify an additional supplementary group for the session.

--session-command
    Equivalent to -c, but indicates that the command is to be executed via a session.

--help
    Display help information and exit.

--version
    Display version information and exit.

--
    Indicates the end of options. Any arguments following '--' are treated as command arguments, even if they start with a hyphen.

runuser allows a user to execute a command or an interactive shell as another user. It is part of the util-linux package and is often a symbolic link to the su command, but with a crucial distinction: when executed by the root user, runuser does not prompt for a password. This makes it particularly useful in scripts and automated environments where interacting with a password prompt is undesirable or impossible.

The command changes the effective user ID (UID) and group ID (GID) to that of the target user. By default, it creates a new environment, discarding most of the current user's environment variables, similar to a new login. However, options exist to preserve the environment or specific variables. It's commonly used by system administrators to perform tasks under a less privileged account or to simulate a user's environment for debugging purposes. Unlike sudo, runuser typically requires root privileges to switch to an arbitrary user without providing the target user's password; otherwise, it requires authentication.

runuser is a powerful command that, when misused, can have security implications.

When executing commands as another user, be mindful of the environment variables. By default, runuser clears most environment variables and sets a new, minimal environment. This can sometimes lead to unexpected behavior if the executed command relies on specific environment settings. Use the --preserve-environment (-p) option with caution, as it can expose sensitive environment variables to the new user session.

Unlike sudo(8), runuser does not inherently manage or restrict what commands a non-root user can execute as another user. It primarily changes the user ID. If a non-root user attempts to use runuser for a user other than themselves, it will typically require authentication, similar to su. Its main advantage over su for root is the lack of a password prompt, which is crucial for automation.

While runuser is often a symlink to su, its primary behavioral difference is that root can execute runuser without being prompted for the target user's password. su will typically always prompt for a password unless configured otherwise via PAM. This makes runuser ideal for root-owned scripts where non-interactive user switching is required.

By default, runuser attempts to provide a 'clean' environment for the target user, simulating a fresh login as much as possible (e.g., setting HOME, SHELL, USER, LOGNAME, PATH). The --preserve-environment (-p) option explicitly prevents this cleanup, carrying over the calling user's environment. The --login (-l) option goes even further in simulating a new login, reading the target user's profile files.

runuser is part of the util-linux collection of essential system utilities for Linux. It emerged as a dedicated utility to address the specific need for running commands as another user without a password prompt when invoked by root. Historically, su would always prompt for a password unless specific PAM configurations were in place or it was run from a trusted context. runuser provides a cleaner, more predictable behavior for scripting where su's password prompt could cause scripts to hang. In many systems, runuser is implemented as a symlink to su with internal logic to handle the --user option and the no-password-for-root behavior. Its development focused on providing a reliable command for privileged automation tasks.

su(1), sudo(8), login(1)