runuser
Run commands as another user
TLDR
Run command as a different user
Run command as a different user and group
Start a login shell as a specific user
Specify a shell for running instead of the default shell (also works for login)
Preserve the entire environment of root (only if --login is not specified)
SYNOPSIS
runuser [options] -u user [command [argument...]]
runuser [options] -u user -c command
PARAMETERS
-u, --user user
The target user's name or UID. This option is mandatory.
-c, --command command
Execute the specified command string instead of an interactive shell. The command is passed to the shell.
-l, --login
Start the shell as a login shell. This implies changing to the target user's home directory and cleaning the environment.
-p, --preserve-environment
Do not reset the environment variables, preserving them from the calling process.
-P, --pty
Allocate a pseudo-terminal for the session, allowing full terminal control.
-s, --shell shell
Specify the shell to use instead of the target user's default shell.
-g, --group group
Specify the primary group for the session.
-G, --supp-group group
Specify an additional supplementary group for the session.
--session-command
Equivalent to -c, but indicates that the command is to be executed via a session.
--help
Display help information and exit.
--version
Display version information and exit.
--
Indicates the end of options. Any arguments following '--' are treated as command arguments, even if they start with a hyphen.
DESCRIPTION
runuser allows a user to execute a command or an interactive shell as another user. It is part of the util-linux package and is often a symbolic link to the su command, but with a crucial distinction: when executed by the root user, runuser does not prompt for a password. This makes it particularly useful in scripts and automated environments where interacting with a password prompt is undesirable or impossible.
The command changes the effective user ID (UID) and group ID (GID) to that of the target user. By default, it creates a new environment, discarding most of the current user's environment variables, similar to a new login. However, options exist to preserve the environment or specific variables. It's commonly used by system administrators to perform tasks under a less privileged account or to simulate a user's environment for debugging purposes. Unlike sudo, runuser typically requires root privileges to switch to an arbitrary user without providing the target user's password; otherwise, it requires authentication.
CAVEATS
runuser is a powerful command that, when misused, can have security implications.
When executing commands as another user, be mindful of the environment variables. By default, runuser clears most environment variables and sets a new, minimal environment. This can sometimes lead to unexpected behavior if the executed command relies on specific environment settings. Use the --preserve-environment (-p) option with caution, as it can expose sensitive environment variables to the new user session.
Unlike sudo(8), runuser does not inherently manage or restrict what commands a non-root user can execute as another user. It primarily changes the user ID. If a non-root user attempts to use runuser for a user other than themselves, it will typically require authentication, similar to su. Its main advantage over su for root is the lack of a password prompt, which is crucial for automation.
RUNUSER VS. SU
While runuser is often a symlink to su, its primary behavioral difference is that root can execute runuser without being prompted for the target user's password. su will typically always prompt for a password unless configured otherwise via PAM. This makes runuser ideal for root-owned scripts where non-interactive user switching is required.
ENVIRONMENT HANDLING
By default, runuser attempts to provide a 'clean' environment for the target user, simulating a fresh login as much as possible (e.g., setting HOME, SHELL, USER, LOGNAME, PATH). The --preserve-environment (-p) option explicitly prevents this cleanup, carrying over the calling user's environment. The --login (-l) option goes even further in simulating a new login, reading the target user's profile files.
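The caveat about --preserve-environment and the environment handling described above can be made explicit in a root-owned script instead of relying on defaults. The wrapper below is an added example, not part of runuser or util-linux; the helper names run_as and sensitive_env_names, the name pattern and the CLEAN_PATH value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; run_as and sensitive_env_names are hypothetical helper names.

# Constructed pattern for variable names that usually hold credentials.
SENSITIVE_PATTERN='(PASS|SECRET|TOKEN|KEY|CREDENTIAL)'
# Fixed PATH handed to the target command (an assumption; adjust per system).
CLEAN_PATH=/usr/bin:/bin

# Print the names (never the values) of environment variables that
# --preserve-environment would carry into the target user's session.
sensitive_env_names() {
    awk 'BEGIN { for (n in ENVIRON) print n }' \
        | grep -E -i "$SENSITIVE_PATTERN" | sort
}

# Usage: run_as USER COMMAND [ARG...]
# Runs COMMAND as USER with an empty environment plus CLEAN_PATH.
run_as() {
    [ "$#" -ge 2 ] || { echo "usage: run_as USER COMMAND [ARG...]" >&2; return 2; }
    user=$1; shift
    id -u "$user" >/dev/null 2>&1 || { echo "run_as: unknown user: $user" >&2; return 2; }

    # Report what is being withheld so a missing variable is easy to diagnose.
    withheld=$(sensitive_env_names)
    [ -z "$withheld" ] || echo "run_as: withheld from $user:" $withheld >&2

    # Dry run: show the command line without needing root or runuser.
    if [ "${RUN_AS_DRY_RUN:-0}" = 1 ]; then
        echo "env -i PATH=$CLEAN_PATH runuser -u $user -- $*"
        return 0
    fi

    [ "$(id -u)" -eq 0 ] || { echo "run_as: must be run by root" >&2; return 1; }
    bin=$(command -v runuser) || { echo "run_as: runuser not found" >&2; return 127; }

    # env -i empties the environment before runuser starts, so no variable of
    # the caller crosses the user boundary; '--' ends runuser's own options so
    # a COMMAND or ARG beginning with '-' is not parsed as one.
    env -i PATH="$CLEAN_PATH" "$bin" -u "$user" -- "$@"
}
```

Setting RUN_AS_DRY_RUN=1 prints the command line that would be executed, which is useful when reviewing a script before it runs as root.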
HISTORY
runuser is part of the util-linux collection of essential system utilities for Linux. It emerged as a dedicated utility to address the specific need for running commands as another user without a password prompt when invoked by root. Historically, su would always prompt for a password unless specific PAM configurations were in place or it was run from a trusted context. runuser provides a cleaner, more predictable behavior for scripting where su's password prompt could cause scripts to hang. In many systems, runuser is implemented as a symlink to su with internal logic to handle the --user option and the no-password-for-root behavior. Its development focused on providing a reliable command for privileged automation tasks.