su to another user after logging into server as non root.

tdecoursey

Is it possible to su to root or another user during an initial login session to a server?

More specifically, I log in with my username/password to a server. But with this login, I am unable to copy or edit files. So I need to log in again as another user, e.g. su -username/password.

Is this configurable in WinSCP 5.1.8?

tdecoursey

Thank you. I had already read this. I tried but I was not sure I was toggling the correct config. Regardless, what I did toggle did not work. I also tried using tunneling with my Id, and then entering a root id afterwards, still no go. If you have some screenshots on how to do this, that would help.
Again, to recap, I am able to, and have to, log in with my standard user id, but then need to su to root afterwards or configure the tool to do it for me during a full login session.
Thanks.

tdecoursey

Clarity

I guess I should have been more clear. The access I am looking for after my initial login is not root. It's a group user with more permissions but not root.
So the question remains, can I log in again, e.g. su to another user during the initial login session or afterwards?
Thanks.

tdecoursey

The link does not provide a solution outside of sudo, which I cannot use.
Is there another solution? Can I add my own command line somewhere that would not use sudo su, rather just su?

tdecoursey

Two logins, one server

I have hundreds of servers I access daily. Each one requires me to login as my name/password
tdecoursey/passwd.
However, after that session begins, I can't do anything but copy files into my user directory. So I need to login again as admin.
su - admin
passwd
My question is, and has always been, does WinSCP allow you to do an initial login and then a subsequent login? Keep in mind, this is not sudo, it's su to another profile and connecting as that profile.
Thanks.

tdecoursey

Attached file with more details.

I have attached a file with screenshots. You will have to unzip it.
I am hoping for screenshots back as a solution.
If you can't provide a solution with screenshots, just simply post "no solution available".
Thanks.

tdecoursey

Solution requires screenshots

You provided a solution a while back but you didn't provide screenshots of the use case. So if you're just blowing this issue off, then just say so.
We have provided documentation, screenshots, etc and you have provided nothing but a doc someone else wrote that is as generic as a can of peas.

tfecw
Guest

Re: Two logins, one server

I've been trying to figure this out off and on for a while. Naturally I'm searching the web. I can't tell you how frustrating it is to see this question asked at least 5+ times and to see your answer of 'RTFM'. Clearly, the documentation is not sufficient, otherwise the same question wouldn't keep coming up.

martin
Site Admin

Re: Two logins, one server

You have to understand that this is a server-side problem and not a client-side one. So the documentation we provide here cannot be too specific, as the solution differs with the server.

steflexx

Re: su to another user after logging into server as non root.

What can I do, if I am not allowed to set NOPASSWD in /etc/sudoers?
Is there a chance for WinSCP to ask for the sudo password while changing the user? I mean, the error message says "no tty present and no askpass program specified".
Is it possible to "configure" an askpass program in WinSCP?
Due to security reasons we are not allowed to set NOPASSWD, BUTTTTTTT we know the sudo password, and if WinSCP allows us to enter the password during the conversation everything would be fine and even the user change can happen without editing the /etc/sudoers.
I am looking forward to your help. Thanxx

martin
Site Admin

Re: su to another user after logging into server as non root.

@steflexx: TTY is incompatible with the SFTP protocol. And the askpass program must be server-side, not client-side.
Theoretically, WinSCP could ask for the password. But TTY must be disabled in any case. And that also requires a change in sudoers.

tedious
Guest

How to sudo as a different user in WinSCP

Posting the solution as obviously the top result for searching online falls on an admin that is unable to provide the simple answer...
Quick answer:
sudo -u RunAsUser /path/to/sftp-server
To locate /path/to/sftp-server:
locate sftp-server
which sftp-server
If both commands fail, try the paths in the doc: https://winscp.net/eng/docs/faq_su

Long answer:
Basically the SFTP server field in Advanced Settings is a command line, so you only need to add the command to sudo as another user.

What is suggested in the official doc is to just elevate sftp-server permission to root (default value if -u is not provided). As -u is not required for root, it can get confusing as to how to set up the connection as another user.
  • Elevate sftp-server to root permission.
    Requires the permission to be set in sudoers.conf
    sudo /path/to/sftp-server
  • Elevate sftp-server to another user permission
    Requires the permission to be set in sudoers.conf
    sudo -u RunAsUser /path/to/sftp-server
  • Another command that I found being passed around is
    sudo su RunAsUser -c /path/to/sftp-server
    It achieves the same thing in a different manner. Either worked for me.

martin
Site Admin

Re: How to sudo as a different user in WinSCP

@tedious: Thanks for sharing your findings.
Though note that @tdecoursey obviously knows how to switch the user in shell. So the problem was not learning about the -u switch or sudo su or in general what command to use.
That's why I do not understand what the problem was about.

summej
Re: How to sudo as a different user in WinSCP

Hello team,

I am using the latest WinSCP v5.21.5 on my Win10 box.

I try to connect to a Linux (Red Hat 8) box. From the ssh command line, I can log in as a user A, which has (ALL) NOPASSWD: ALL permission. Then sudo to another non-root user B, without pwd. For example, as user A, I can run sudo -u userB whoami without pwd.

Now I wish to use WinSCP to log in as A and sudo to B, then r/w files owned by B.

With WinSCP, if I use "File protocol=SFTP" => Advanced Environment, SFTP, "SFTP server" = "default" or /usr/libexec/openssh/sftp-server, I can access directly as user A, no problem.

I have tried to use "File protocol=SFTP" => Advanced Environment, SFTP, "SFTP server" = sudo -u userB /usr/libexec/openssh/sftp-server or sudo /usr/libexec/openssh/sftp-server.

Then I am getting a "Connection has been unexpectedly closed" error with a "Cannot initialize SFTP protocol. Is the host running an SFTP server?" msg.

It is definitely not a wrong pwd issue. If I use a wrong pwd, I will get "Access Denied" first.

Thank you for any advice.

martin
Site Admin

Re: How to sudo as a different user in WinSCP

@summej: Did you check the SSH server log file?
What happens if you run sudo -u userB /usr/libexec/openssh/sftp-server or sudo /usr/libexec/openssh/sftp-server in shell?

Guest

Re: How to sudo as a different user in WinSCP

When I run sudo -u userB /usr/libexec/openssh/sftp-server from command line, it started a sftp-server process as userB. When I Ctrl-C, I quit from the command and the proc is gone.

martin
Site Admin

Re: How to sudo as a different user in WinSCP

@Guest: Ok, and what if you do this from the local machine?
ssh userA@example.com sudo -u userB /usr/libexec/openssh/sftp-server

Guest

Re: How to sudo as a different user in WinSCP

If I run exactly this command:
ssh 424956@merch1as1uu sudo -u aabchua1 /usr/libexec/openssh/sftp-server
sudo: sorry, you must have a tty to run sudo
I have to use the -t option for ssh, then that works:
ssh -t 424956@merch1as1uu sudo -u aabchua1 /usr/libexec/openssh/sftp-server

Guest

Re: How to sudo as a different user in WinSCP

Thanks, it works after I comment out the Defaults requiretty in /etc/sudoers. This is a RHEL6 box. By default the TTY is "required".

Seems RHEL7/8 boxes do not requiretty anymore. That is why they are all good.

Thank you so much for your assistance!

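The two server-side conditions this thread converges on (a NOPASSWD sudoers rule letting the login user run sftp-server as the target user, and no requiretty in effect for the tty-less SFTP session), as an added example that is not from any poster or from WinSCP. The function name, the userA/userB rule and the embedded sudoers text are constructed, and the matching is a simplified heuristic, not a full sudoers parser.

```shell
#!/bin/sh
# Added example: heuristic check of sudoers text for the
# "SFTP server = sudo -u <runas> <sftp-server>" setup from this thread.
# Not a full sudoers parser: aliases, includes, continuations are ignored.

# check_sftp_sudo LOGIN RUNAS SFTP_PATH   (sudoers text on stdin)
# Prints one verdict:
#   ok          NOPASSWD rule found and requiretty not in effect
#   requiretty  rule found, but sudo would refuse without a tty
#   no-rule     no NOPASSWD rule for LOGIN as RUNAS on SFTP_PATH (or ALL)
check_sftp_sudo() {
    login=$1 runas=$2 path=$3
    # Strip indentation, comments and blank lines, so a commented-out
    # "Defaults requiretty" does not count.
    rules=$(sed -e 's/^[[:space:]]*//' -e 's/#.*//' -e '/^[[:space:]]*$/d')

    # Shape matched: LOGIN hosts=(RUNAS|ALL) NOPASSWD: ... SFTP_PATH|ALL
    if ! printf '%s\n' "$rules" | grep -Eq \
        "^$login[[:space:]]+[^=]+=[[:space:]]*\(($runas|ALL)(:[^)]*)?\)[[:space:]]*NOPASSWD:.*($path|ALL)([[:space:],]|\$)"
    then
        echo no-rule
        return 0
    fi

    # Per-user Defaults override the global one; the last entry wins.
    tty=$(printf '%s\n' "$rules" | awk -v u="$login" '
        /requiretty/ && $1 == "Defaults"      { g = ($0 ~ /!requiretty/) ? "off" : "on" }
        /requiretty/ && $1 == ("Defaults:" u) { p = ($0 ~ /!requiretty/) ? "off" : "on" }
        END { print (p != "" ? p : (g != "" ? g : "off")) }')
    if [ "$tty" = on ]; then echo requiretty; else echo ok; fi
}

# Constructed sample: tty required (the RHEL6 case), one-command rule.
SAMPLE_BLOCKED='Defaults    requiretty
userA ALL=(userB) NOPASSWD: /usr/libexec/openssh/sftp-server'

# Constructed sample: requiretty commented out, as in the last post.
SAMPLE_FIXED='# Defaults    requiretty
userA ALL=(userB) NOPASSWD: /usr/libexec/openssh/sftp-server'

# Constructed sample: tty still required globally, exempted for userA only.
SAMPLE_SCOPED='Defaults    requiretty
Defaults:userA !requiretty
userA ALL=(userB) NOPASSWD: /usr/libexec/openssh/sftp-server'

for s in "$SAMPLE_BLOCKED" "$SAMPLE_FIXED" "$SAMPLE_SCOPED"; do
    printf '%s\n' "$s" | check_sftp_sudo userA userB /usr/libexec/openssh/sftp-server
done
```

The scoped sample keeps requiretty for every other account and limits userA to a single command as userB, which is narrower than the (ALL) NOPASSWD: ALL grant mentioned earlier in the thread. On a live host, `sudo -l -U userA` run as root shows what sudo itself resolves and is authoritative where this heuristic is not.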