su to another user after logging into server as non root.

Advertisement

tdecoursey
Joined:
Posts:
7

su to another user after logging into server as non root.

Is it possible to su to root or another user during a initial login session to a server?

More specifically, I login as my username/password to a server. But with this login, I am unable to copy or edit files. So I need to login again to a another user, eg su -username/password.

Is this configurable in WinSCP 5.1.8?

Reply with quote

Advertisement

tdecoursey
Joined:
Posts:
7

Thank you. I had already read this. I tried but I was not sure I was toggling the correct config. Regardless, what I did toggle did not work. I also tried using tunneling with my Id, and then entering a root id afterwards, still no go. If you have some screenshots on how to do this, that would help.
Again, to recap, I am able to, and have to login with my stnadard user id, but then need to su to root afterwards or configure the tool to do it for me during a full login session.
Thanks.

Reply with quote

tdecoursey

Clarity

I guess I should have been more clear. The access I am looking for after my initial login is not root. It's a group user with more permissions but not root.
So the question remains, can I log in again, eg su to another user during the initial login session or afterwards?
Thanks.

Reply with quote

Advertisement

tdecoursey

The link does not provide a solution outside of sudo which I can not use.
Is there another solution. Can I add my own command line somewhere that would not use sudo su, rather just su?

Reply with quote

tdecoursey
Joined:
Posts:
7

Two logins, one server

I have hundreds of servers I access daily. Each one requires me to login as my name/password
tdecoursey/passwd.
However, after that session begins, I can't do anything but copy files into my user directory. So I need to login again as admin.
su - admin
passwd
My question is and has always been, does WinSCP allow you to do do an initial log in and then a subsequent login. Keep in mind, this is not sudo, it's su to another profile and connecting as that profile.
Thanks.

Reply with quote

tdecoursey
Joined:
Posts:
7

Attached file with more details.

I have attached a file with screenshots. You will have to unzip it.
I am hoping for screenshots back as a solution.
If you cant provide a solution with screenshots, just simply post. "no solution available"
Thanks.

Reply with quote

Advertisement

tdecoursey

Solution requires screenshots

You provided a solution a while back but you didn't provide screenshots of the use case. So if your just blowing this issue off, then just say so.
We have provided documentation, screenshots, etc and you have provided nothing but a doc someone else wrote that is as generic as a can of peas.

Reply with quote

tfecw
Guest

Re: Two logins, one server

I've been trying to figure this out off and on for a while. Naturally I'm searching the web. I can't tell you how frustrating it is to see this question asked at least 5+ times and to see your answer of 'RTFM' Clearly, the documentation is not sufficient otherwise the same question wouldn't keep coming up.

Reply with quote

martin
Site Admin
martin avatar

Re: Two logins, one server

You have to understand that this is server-side problem and not client-side. So the documentation we provide here cannot be too specific as the solution differs with the server.

Reply with quote

Advertisement

steflexx
Joined:
Posts:
1

Re: su to another user after logging into server as non root.

What can I do, if I am not allowed to set NOPASSWD in /etc/sudoers?
Is there a chance for WinSCP to ask for the sudo password while changing the user? I mean, the error message says "no tty present and no askpass program specified".
Is it possible to "configure" an askpass program in WinSCP?
Due to security reasons we are not allowed to set NOPASSWD, BUTTTTTTT we know the sudo password and if WinSCP allows us to enter the password during conversation everything would be fine an even the userchange can happen without editing the /etc/sudoers.
I am looking forward for your help. Thanxx

Reply with quote

martin
Site Admin
martin avatar

Re: su to another user after logging into server as non root.

@steflexx: TTY is incompatible with SFTP protocol. And askpass program must be server-side, not client-side.
Theoretically, WinSCP could ask for the password. But TTY must be disabled in any case. And that also requires a change in sudoers.

Reply with quote

tedious
Guest

How to sudo as a different user in WinSCP

Posting the solution as obviously the top result for searching online falls on an admin that is unable to provide the simple answer...
Quick answer:
sudo -u RunAsUser /path/to/sftp-server
To locate /path/to/sftp-server:
locate sftp-server
which sftp-server
If both command fails, try the paths in the doc: https://winscp.net/eng/docs/faq_su

Long answer:
Basically the SFTP server field in Advanced Settings is a command line, so you only need to add the command to sudo as another user.

What is suggested in the official doc is to just elevate sftp-server permission to root (default value if -u is not provided). As -u is not required for root, it can get confusing as to how to set up the connection as another user.
  • Elevate sftp-server to root permission.
    Requires the permission to be set in sudoers.conf
    sudo /path/to/sftp-server
  • Elevate sftp-server to another user permission
    Requires the permission to be set in sudoers.conf
    sudo -u RunAsUser /path/to/sftp-server
  • Another command that I found being passed around is
    sudo su RunAsUser -c /path/to/sftp-server
    It achieves the same thing in a different manners. Either worked for me.

Snag_222f46e7.png

Reply with quote

martin
Site Admin
martin avatar

Re: How to sudo as a different user in WinSCP

@tedious: Thanks for sharing you findings.
Though note that @tdecoursey obviously knows how to switch the user in shell. So the problem was not learning about the -u switch or sudo su or in general what command to use.
That's why I do not understand what the problem was about.

Reply with quote

Advertisement

You can post new topics in this forum