1 .TH RUNUSER 1 "July 2014" "util-linux" "User Commands"
3 runuser \- run a command with substitute user and group ID
5 .BR runuser " [options] " \-u
7 .RI "[[\-\-] " command " ["argument "...]]"
9 .BR runuser " [options] [" \- ]
10 .RI [ user " [" argument "...]]"
13 allows to run commands with a substitute user and group ID.
14 If the option \fB\-u\fR is not given, it falls back to
16 semantics and a shell is executed.
17 The difference between the commands
23 does not ask for a password (because it may be executed by the root user only) and
24 it uses a different PAM configuration.
27 does not have to be installed with set-user-ID permissions.
29 If the PAM session is not required then recommended solution is to use
33 When called without arguments,
35 defaults to running an interactive shell as
38 For backward compatibility,
40 defaults to not change the current directory and to only set the
54 uses PAM for session management.
57 .BR \-c , " \-\-command" = \fIcommand
67 to the shell, which may or may not be useful depending on the
70 .BR \-g , " \-\-group" = \fIgroup
71 The primary group to be used. This option is allowed for the root user only.
73 .BR \-G , " \-\-supp\-group" = \fIgroup
74 Specify a supplemental group. This option is available to the root user only. The first specified
75 supplementary group is also used as a primary group if the option \fB\-\-group\fR is unspecified.
77 .BR \- , " \-l" , " \-\-login"
78 Start the shell as a login shell with an environment similar to a real
83 clears all the environment variables except for
85 and variables specified by \fB\-\-whitelist\-environment\fR
88 initializes the environment variables
96 changes to the target user's home directory
99 sets argv[0] of the shell to
101 in order to make the shell a login shell
105 Create pseudo-terminal for the session. The independent terminal provides
106 better security as user does not share terminal with the original
107 session. This allow to avoid TIOCSTI ioctl terminal injection and another
108 security attacks against terminal file descriptors. The all session is also
109 possible to move to background (e.g. "runuser --pty -u username -- command &").
110 If the pseudo-terminal is enabled then runuser command works
111 as a proxy between the sessions (copy stdin and stdout).
113 This feature is mostly designed for interactive sessions. If the standard input
114 is not a terminal, but for example pipe (e.g. echo "date" | runuser --pty -u user)
115 than ECHO flag for the pseudo-terminal is disabled to avoid messy output.
117 .BR \-m , " \-p" , " \-\-preserve\-environment"
118 Preserve the entire environment, i.e. it does not set
124 The option is ignored if the option \fB\-\-login\fR is specified.
126 .BR \-s , " \-\-shell" = \fIshell
127 Run the specified \fIshell\fR instead of the default. The shell to run is
128 selected according to the following rules, in order:
132 the shell specified with
136 the shell specified in the environment variable
139 .B \-\-preserve\-environment
143 the shell listed in the passwd entry of the target user
149 If the target user has a restricted shell (i.e. not listed in
154 environment variables are ignored unless the calling user is root.
156 .BI \-\-session\-command= command
159 but do not create a new session. (Discouraged.)
161 .BR \-w , " \-\-whitelist\-environment" = \fIlist
162 Don't reset environment variables specified in comma separated \fIlist\fR when clears
163 environment for \fB\-\-login\fR. The whitelist is ignored for the environment variables
170 .BR \-V , " \-\-version"
171 Display version information and exit.
173 .BR \-h , " \-\-help"
174 Display help text and exit.
178 .I /etc/default/runuser
181 configuration files. The following configuration items are relevant
188 Defines the PATH environment variable for a regular user. The
190 .IR /usr/local/bin:\:/bin:\:/usr/bin .
199 Defines the PATH environment variable for root. ENV_SUPATH takes precedence. The default value is
200 .IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin .
208 and \-\-login and \-\-preserve\-environment were not specified
214 The environment variable PATH may be different on systems where /bin and /sbin
215 are merged into /usr.
218 normally returns the exit status of the command it executed. If the
219 command was killed by a signal,
221 returns the number of the signal plus 128.
223 Exit status generated by
229 Generic error before executing the requested command
232 The requested command could not be executed
235 The requested command was not found
241 default PAM configuration file
244 PAM configuration file if \-\-login is specified
247 runuser specific logindef config file
250 global logindef config file
259 This \fB runuser\fR command was
260 derived from coreutils' \fBsu\fR, which was based on an implementation by
261 David MacKenzie, and the Fedora \fBrunuser\fR command by Dan Walsh.
263 The runuser command is part of the util-linux package and is
265 .UR https://\:www.kernel.org\:/pub\:/linux\:/utils\:/util-linux/