Sudo command gets executed as root instead of specified user
sudo -EH -u someuser nohup sh check.sh &
The above command runs the process as root instead of the user specified by the -u flag.
root 4056 2388 0 13:00 pts/4 00:00:00 sudo -EH -u someuser nohup sh /tmp/check.sh &
Below are the sudoers entries.
Cmnd_Alias SUDO_CMNDS = /bin/echo,/bin/ls,/bin/cat,/bin/vim,/bin/mv,/bin/cp,/bin/rm,/bin/mkdir,/bin/diff,/bin/id,/bin/hostname,/bin/grep,/bin/nohup,/bin/locate,/bin/find,/bin/sed,/bin/awk,/usr/bin/whoami
%sudomygroup ALL=(someuser) NOPASSWD:SETENV: SUDO_CMNDS
Extra output as suggested by @michael homer
$ ps -ef|grep -i check
root 14260 14090 0 13:20 pts/4 00:00:00 sudo -HE -u someuser nohup sh /tmp/check.sh
someuser 14261 14260 0 13:20 pts/4 00:00:00 sh /tmp/check.sh
linux bash sudo
asked Apr 29 at 7:38 by AVS
edited Apr 29 at 7:56 by Michael Homer
Your second quote looks like it's reporting who ran sudo, not nohup.
– Michael Homer
Apr 29 at 7:40
Also, is the & really included in the output?
– Michael Homer
Apr 29 at 7:41
Yes, & is in the output. So how can I check who executed nohup?
– AVS
Apr 29 at 7:44
How did you check the one you quoted? See if there's anything more there.
– Michael Homer
Apr 29 at 7:45
I checked it using "ps -ef|grep -i nohup"
– AVS
Apr 29 at 7:46
1 Answer
This line:
root 4056 2388 0 13:00 pts/4 00:00:00 sudo -EH -u someuser nohup sh /tmp/check.sh
is reporting that sudo ... was run as the root user. That happens because the sudo binary is setuid, and it's expected (regardless of which user asked sudo to run). What you're trying to find out is what user the command that sudo then ran is executing as.
Using ps -ef|grep -i nohup gave you only that single line of output, because when nohup runs it immediately shuts itself off upon executing the command it was asked to run, and then there's no nohup left in the ps output to grep for afterwards.
If you instead search for check.sh, you'll get (at least) two lines of output: the one you already see, and another one that's just for sh /tmp/check.sh:
root 14260 14090 0 13:20 pts/4 00:00:00 sudo -HE -u someuser nohup sh /tmp/check.sh
someuser 14261 14260 0 13:20 pts/4 00:00:00 sh /tmp/check.sh
That shows that the sh command is running as someuser, while sudo is just sitting there waiting for the inner command to finish, still running as root itself.
answered Apr 29 at 7:54 by Michael Homer
edited Apr 29 at 7:56
Yes, it does. The "inner" command sh is running as someuser, and the "outer" command sudo is sitting around as root waiting for the inner to finish.
– Michael Homer
Apr 29 at 7:57
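The parent/child relationship described in the answer, as an added example that is not part of the original post: a shell function that reads `ps -ef` output, finds each sudo process, and reports which user its child actually runs as next to the user requested with -u. The function names and the simplified option parsing are assumptions of this example; the sample lines are the two quoted in the answer, with a ps header line added.

```sh
#!/bin/sh
# Added example (not from the original post): pair every sudo process in
# `ps -ef` output with the child it started and show who the child runs as.

# Reads `ps -ef` lines (UID PID PPID C STIME TTY TIME CMD...) on stdin.
sudo_children() {
    awk '
    $2 ~ /^[0-9]+$/ {                      # skips the header line
        pid = $2; owner[pid] = $1; parent[pid] = $3
        cmd = $8
        for (i = 9; i <= NF; i++) cmd = cmd " " $i
        cmdline[pid] = cmd
        if ($8 == "sudo" || $8 ~ /\/sudo$/) {
            # sudo targets root unless -u names another user. Simplified
            # parsing (assumption): stop at the first word that is not an
            # option, so options that take an argument other than -u are
            # not understood.
            want[pid] = "root"
            for (i = 9; i <= NF; i++) {
                if ($i == "-u" && i < NF) { want[pid] = $(i + 1); break }
                if ($i !~ /^-/) break
            }
        }
    }
    END {
        # Report every process whose parent is a sudo process.
        for (p in parent) {
            s = parent[p]
            if (!(s in want)) continue
            verdict = (owner[p] == want[s]) ? "OK" : "MISMATCH"
            printf "%s sudo_pid=%s requested=%s child_pid=%s runs_as=%s cmd=%s\n",
                verdict, s, want[s], p, owner[p], cmdline[p]
        }
    }' | sort
}

# The two ps lines quoted in the answer, preceded by a ps header line.
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root 14260 14090 0 13:20 pts/4 00:00:00 sudo -HE -u someuser nohup sh /tmp/check.sh
someuser 14261 14260 0 13:20 pts/4 00:00:00 sh /tmp/check.sh
EOF
}

sample_ps | sudo_children
```

On a live system, run `ps -ef | sudo_children`; the sudo line itself is still owned by root, and the verdict is taken from the child's UID column.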