Bash: How to execute from root account a script as another user

There are times that you need to execute a script as another user, usually to make sure you do not mess up the access rights of the files that will be produced after the execution of the script.

An easy way to do it is using the command su (su allows to run commands with a substitute user and group ID).

An example would be to use it as su - <USER> -c "<COMMAND>
The –  <USER> will start the shell as a login shell with an environment similar to a real login.
The -c “<COMMAND>” will pass the command after -c to the newly created shell, you should wrap it in quotes if you want to pass parameters to your command.

Linux: Check if a User or a Group Exists 2

You can find out if user exists by searching in the /etc/passwd file using the following command:

egrep -i "^useraccount:" /etc/passwd

The above command will print the matching record from /etc/passwd if the user exists or nothing if the user does not exist.
The ^ symbol is used to make sure there is no characters before the username and the : character is used as the delimiter in the file (which indicates the end of the username). By wrapping the username with these characters we are sure that if we matched a record, we matched the correct record with the full username.

A very simple way to use this code in a script is by utilizing the $? (question mark) variable. The question mark variable contains the exit status of the last command that executed. Specifically, egrep will return 0 if there was a match or else it will return a a positive number (usually 1).
Taking advantage of this behavior, after executing the above command, we check the $? variable to see the result with an if statement.

egrep -i "^useraccount:" /etc/passwd;
if [ $? -eq 0 ]; then
   echo "User Exists"
   echo "User does not exist -- Invalid Username"

You can also find out if a group exists by searching in the /etc/group file. Similar to the approach we showed before, we can check if a group exists using the following:

egrep -i "^groupname" /etc/group;
if [ $? -eq 0 ]; then
   echo "Group Exists"
   echo "Group does not exist -- Invalid Group name"


gpasswd group
gpasswd -a useraccount groupname
gpasswd -d useraccount groupname
gpasswd -R groupname
gpasswd -r groupname
gpasswd [-A useraccount,...] [-M useraccount ,...] groupname

gpasswd is used to administer the /etc/group file (and /etc/gshadow file if compiled with SHADOWGRP defined).
System administrator can use:
-A option to define group administrator(s)
-M option to define members and has all rights of group administrators and members.

Group administrator can use:
-a to add users
-d to delete users.

Administrators can use:
-r option to remove group password. When no password is set only group members can use newgrp to join the group.
-R disables access to the group through newgrp command.

gpasswd called by a group administrator with group name only prompts for the group password. If password is set the members can still newgrp without a password, non-members must supply the password.

Add an existing user to an existing group

Add an existing user to secondary/supplementary user group using the -a option

usermod -a -G groupname useraccount;

The usermod command is a Linux utility used to modify the user account information stored in the /etc/passwd and /etc/group files. The -a option is used to append the specified user account to the specified group. The -G option is used to specify the group name that the user account will be added to. The groupname argument is the name of the group that the user account will be added to, and the useraccount argument is the name of the user account that will be added to the group.

In this command, the user account specified by “useraccount” will be added to the group specified by “groupname”. The -a option ensures that the user account will be added to the specified group without removing it from any other groups it may belong to. The -G option specifies that the user account will be added to the specified group as a secondary group.

Once the user account has been added to the specified group, it will have the permissions and access rights associated with that group. For example, if the group has permissions to read and write to certain files or directories, then the user account will also have these permissions once it has been added to the group.

It’s important to note that changes made with the “usermod” command are not applied immediately. The changes will take effect after the next time the user logs in or after a system reboot. Additionally, it’s important to use this command with caution as adding a user to the wrong group could grant unintended access rights to sensitive information.

In conclusion, the usermod -a -G groupname useraccount command is a useful tool for managing user accounts and group memberships in Linux systems. By adding a user account to a specific group, administrators can grant the user access to specific resources and permissions, making it easier to manage and control access to resources on a system.