How to run command as a different user when there are no sudo or su commands

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
0
down vote

favorite












I have this quite unusual condition here. I have a old linux system that has no sudo or su commands. I do not have physical access to this computer so I cannot login as another user.



Linux kernel is 2.6.18-498 and the system is a red-hat 4.1.2-55.



I can go to the /bin directory and can say for sure there are no su or sudo binaries there. So this is not the case of PATH variables misconfigaration.



Also this is a web server so maybe it is configured this way. Is there any way to run a command as a different user? Any help would be appreciated.







share|improve this question





















  • sudo may be in /usr/bin.
    – ctrl-alt-delor
    Jul 27 at 15:39






  • 1




    find / -name 'su*' -print
    – roaima
    Jul 27 at 15:39










  • The su is not present in the /usr/bin either. find / -name "su*" does not give the location of su just some gibberish files. I am pretty sure su is not present
    – Gnik
    Jul 27 at 15:44











  • find / -executable -type f -name 'su*' -print 2>/dev/null will give a more concise list: no directories, and only executables.
    – ctrl-alt-delor
    Jul 27 at 15:54










  • Okay I executed the find with the given options and still there is no su binary anywere. I strongly think there is no binary su here.
    – Gnik
    Jul 27 at 15:58

















up vote
0
down vote

favorite












I have this quite unusual condition here. I have a old linux system that has no sudo or su commands. I do not have physical access to this computer so I cannot login as another user.



Linux kernel is 2.6.18-498 and the system is a red-hat 4.1.2-55.



I can go to the /bin directory and can say for sure there are no su or sudo binaries there. So this is not the case of PATH variables misconfigaration.



Also this is a web server so maybe it is configured this way. Is there any way to run a command as a different user? Any help would be appreciated.







share|improve this question





















  • sudo may be in /usr/bin.
    – ctrl-alt-delor
    Jul 27 at 15:39






  • 1




    find / -name 'su*' -print
    – roaima
    Jul 27 at 15:39










  • The su is not present in the /usr/bin either. find / -name "su*" does not give the location of su just some gibberish files. I am pretty sure su is not present
    – Gnik
    Jul 27 at 15:44











  • find / -executable -type f -name 'su*' -print 2>/dev/null will give a more concise list: no directories, and only executables.
    – ctrl-alt-delor
    Jul 27 at 15:54










  • Okay I executed the find with the given options and still there is no su binary anywere. I strongly think there is no binary su here.
    – Gnik
    Jul 27 at 15:58













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have this quite unusual condition here. I have a old linux system that has no sudo or su commands. I do not have physical access to this computer so I cannot login as another user.



Linux kernel is 2.6.18-498 and the system is a red-hat 4.1.2-55.



I can go to the /bin directory and can say for sure there are no su or sudo binaries there. So this is not the case of PATH variables misconfigaration.



Also this is a web server so maybe it is configured this way. Is there any way to run a command as a different user? Any help would be appreciated.







share|improve this question













I have this quite unusual condition here. I have a old linux system that has no sudo or su commands. I do not have physical access to this computer so I cannot login as another user.



Linux kernel is 2.6.18-498 and the system is a red-hat 4.1.2-55.



I can go to the /bin directory and can say for sure there are no su or sudo binaries there. So this is not the case of PATH variables misconfigaration.



Also this is a web server so maybe it is configured this way. Is there any way to run a command as a different user? Any help would be appreciated.









share|improve this question












share|improve this question




share|improve this question








edited Jul 27 at 15:40









ctrl-alt-delor

8,54031946




8,54031946









asked Jul 27 at 15:35









Gnik

32




32











  • sudo may be in /usr/bin.
    – ctrl-alt-delor
    Jul 27 at 15:39






  • 1




    find / -name 'su*' -print
    – roaima
    Jul 27 at 15:39










  • The su is not present in the /usr/bin either. find / -name "su*" does not give the location of su just some gibberish files. I am pretty sure su is not present
    – Gnik
    Jul 27 at 15:44











  • find / -executable -type f -name 'su*' -print 2>/dev/null will give a more concise list: no directories, and only executables.
    – ctrl-alt-delor
    Jul 27 at 15:54










  • Okay I executed the find with the given options and still there is no su binary anywere. I strongly think there is no binary su here.
    – Gnik
    Jul 27 at 15:58

















  • sudo may be in /usr/bin.
    – ctrl-alt-delor
    Jul 27 at 15:39






  • 1




    find / -name 'su*' -print
    – roaima
    Jul 27 at 15:39










  • The su is not present in the /usr/bin either. find / -name "su*" does not give the location of su just some gibberish files. I am pretty sure su is not present
    – Gnik
    Jul 27 at 15:44











  • find / -executable -type f -name 'su*' -print 2>/dev/null will give a more concise list: no directories, and only executables.
    – ctrl-alt-delor
    Jul 27 at 15:54










  • Okay I executed the find with the given options and still there is no su binary anywere. I strongly think there is no binary su here.
    – Gnik
    Jul 27 at 15:58
















sudo may be in /usr/bin.
– ctrl-alt-delor
Jul 27 at 15:39




sudo may be in /usr/bin.
– ctrl-alt-delor
Jul 27 at 15:39




1




1




find / -name 'su*' -print
– roaima
Jul 27 at 15:39




find / -name 'su*' -print
– roaima
Jul 27 at 15:39












The su is not present in the /usr/bin either. find / -name "su*" does not give the location of su just some gibberish files. I am pretty sure su is not present
– Gnik
Jul 27 at 15:44





The su is not present in the /usr/bin either. find / -name "su*" does not give the location of su just some gibberish files. I am pretty sure su is not present
– Gnik
Jul 27 at 15:44













find / -executable -type f -name 'su*' -print 2>/dev/null will give a more concise list: no directories, and only executables.
– ctrl-alt-delor
Jul 27 at 15:54




find / -executable -type f -name 'su*' -print 2>/dev/null will give a more concise list: no directories, and only executables.
– ctrl-alt-delor
Jul 27 at 15:54












Okay I executed the find with the given options and still there is no su binary anywere. I strongly think there is no binary su here.
– Gnik
Jul 27 at 15:58





Okay I executed the find with the given options and still there is no su binary anywere. I strongly think there is no binary su here.
– Gnik
Jul 27 at 15:58











2 Answers
2






active

oldest

votes

















up vote
1
down vote



accepted










See if you have any remote login services running (in.telnetd, rlogind, sshd) and then run the appropriate login command to the localhost (127.0.0.1). For example if you have sshd then do:



$ ssh root@127.0.0.1


With telnet you'd run:



$ telnet -l root 127.0.0.1


And with rlogin you'd run:



$ rlogin -l root 127.0.0.1





share|improve this answer





















  • This worked for me sshd works. Thank you. I didn't think of services running. Stupid me!
    – Gnik
    Jul 27 at 17:28

















up vote
0
down vote













Any command with set-uid, or set gid-bit, set. Will be run as the owning user or group. However if they are written properly, they will not let you do anything that you should not. sudo and su only allow you to do anything of significance if you provide the correct password. Most other tools will just do one thing safely, but not allow you to escalate privileges.



However if you can write to the storage, as root (by removing media, and inserting into another machine, or booting into a different OS), then you can add the files that you need, with the appropriate permission.



Executables with set-uid/set-gid bits, are the only way of escalating privilege in Unix systems (The modern systems now have capabilities, but these amount to the same thing).



The kernel does not use passwords, so to implement passwords, an executable with root owner and set-uid bit set, is created. This executable will check the password, and then set the user appropriately, and start a shell (or something).



Supposing there is no use of capabilities, then find / -executable -type f -user root -perm -u+s -print 2>/dev/null will list all executables that elevate permission (at least temporarily), most (maybe all) will be useless.






share|improve this answer























  • I have the root password. I just need a way to change to the root user.
    – Gnik
    Jul 27 at 15:46











  • I am pretty familiar with suid bits. I can assure you that there is no privilege escalation executables here. (I think there should not be any for security reason anyway) Searching for files with suid bit either returns files which I myself am the owner of (so no use) or lists the directories I do not have permissions to view.
    – Gnik
    Jul 27 at 16:09











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f458877%2fhow-to-run-command-as-a-different-user-when-there-are-no-sudo-or-su-commands%23new-answer', 'question_page');

);

Post as a guest






























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote



accepted










See if you have any remote login services running (in.telnetd, rlogind, sshd) and then run the appropriate login command to the localhost (127.0.0.1). For example if you have sshd then do:



$ ssh root@127.0.0.1


With telnet you'd run:



$ telnet -l root 127.0.0.1


And with rlogin you'd run:



$ rlogin -l root 127.0.0.1





share|improve this answer





















  • This worked for me sshd works. Thank you. I didn't think of services running. Stupid me!
    – Gnik
    Jul 27 at 17:28














up vote
1
down vote



accepted










See if you have any remote login services running (in.telnetd, rlogind, sshd) and then run the appropriate login command to the localhost (127.0.0.1). For example if you have sshd then do:



$ ssh root@127.0.0.1


With telnet you'd run:



$ telnet -l root 127.0.0.1


And with rlogin you'd run:



$ rlogin -l root 127.0.0.1





share|improve this answer





















  • This worked for me sshd works. Thank you. I didn't think of services running. Stupid me!
    – Gnik
    Jul 27 at 17:28












up vote
1
down vote



accepted







up vote
1
down vote



accepted






See if you have any remote login services running (in.telnetd, rlogind, sshd) and then run the appropriate login command to the localhost (127.0.0.1). For example if you have sshd then do:



$ ssh root@127.0.0.1


With telnet you'd run:



$ telnet -l root 127.0.0.1


And with rlogin you'd run:



$ rlogin -l root 127.0.0.1





share|improve this answer













See if you have any remote login services running (in.telnetd, rlogind, sshd) and then run the appropriate login command to the localhost (127.0.0.1). For example if you have sshd then do:



$ ssh root@127.0.0.1


With telnet you'd run:



$ telnet -l root 127.0.0.1


And with rlogin you'd run:



$ rlogin -l root 127.0.0.1






share|improve this answer













share|improve this answer



share|improve this answer











answered Jul 27 at 16:45









tk421

2168




2168











  • This worked for me sshd works. Thank you. I didn't think of services running. Stupid me!
    – Gnik
    Jul 27 at 17:28
















  • This worked for me sshd works. Thank you. I didn't think of services running. Stupid me!
    – Gnik
    Jul 27 at 17:28















This worked for me sshd works. Thank you. I didn't think of services running. Stupid me!
– Gnik
Jul 27 at 17:28




This worked for me sshd works. Thank you. I didn't think of services running. Stupid me!
– Gnik
Jul 27 at 17:28












up vote
0
down vote













Any command with set-uid, or set gid-bit, set. Will be run as the owning user or group. However if they are written properly, they will not let you do anything that you should not. sudo and su only allow you to do anything of significance if you provide the correct password. Most other tools will just do one thing safely, but not allow you to escalate privileges.



However if you can write to the storage, as root (by removing media, and inserting into another machine, or booting into a different OS), then you can add the files that you need, with the appropriate permission.



Executables with set-uid/set-gid bits, are the only way of escalating privilege in Unix systems (The modern systems now have capabilities, but these amount to the same thing).



The kernel does not use passwords, so to implement passwords, an executable with root owner and set-uid bit set, is created. This executable will check the password, and then set the user appropriately, and start a shell (or something).



Supposing there is no use of capabilities, then find / -executable -type f -user root -perm -u+s -print 2>/dev/null will list all executables that elevate permission (at least temporarily), most (maybe all) will be useless.






share|improve this answer























  • I have the root password. I just need a way to change to the root user.
    – Gnik
    Jul 27 at 15:46











  • I am pretty familiar with suid bits. I can assure you that there is no privilege escalation executables here. (I think there should not be any for security reason anyway) Searching for files with suid bit either returns files which I myself am the owner of (so no use) or lists the directories I do not have permissions to view.
    – Gnik
    Jul 27 at 16:09















up vote
0
down vote













Any command with set-uid, or set gid-bit, set. Will be run as the owning user or group. However if they are written properly, they will not let you do anything that you should not. sudo and su only allow you to do anything of significance if you provide the correct password. Most other tools will just do one thing safely, but not allow you to escalate privileges.



However if you can write to the storage, as root (by removing media, and inserting into another machine, or booting into a different OS), then you can add the files that you need, with the appropriate permission.



Executables with set-uid/set-gid bits, are the only way of escalating privilege in Unix systems (The modern systems now have capabilities, but these amount to the same thing).



The kernel does not use passwords, so to implement passwords, an executable with root owner and set-uid bit set, is created. This executable will check the password, and then set the user appropriately, and start a shell (or something).



Supposing there is no use of capabilities, then find / -executable -type f -user root -perm -u+s -print 2>/dev/null will list all executables that elevate permission (at least temporarily), most (maybe all) will be useless.






share|improve this answer























  • I have the root password. I just need a way to change to the root user.
    – Gnik
    Jul 27 at 15:46











  • I am pretty familiar with suid bits. I can assure you that there is no privilege escalation executables here. (I think there should not be any for security reason anyway) Searching for files with suid bit either returns files which I myself am the owner of (so no use) or lists the directories I do not have permissions to view.
    – Gnik
    Jul 27 at 16:09













up vote
0
down vote










up vote
0
down vote









Any command with set-uid, or set gid-bit, set. Will be run as the owning user or group. However if they are written properly, they will not let you do anything that you should not. sudo and su only allow you to do anything of significance if you provide the correct password. Most other tools will just do one thing safely, but not allow you to escalate privileges.



However if you can write to the storage, as root (by removing media, and inserting into another machine, or booting into a different OS), then you can add the files that you need, with the appropriate permission.



Executables with set-uid/set-gid bits, are the only way of escalating privilege in Unix systems (The modern systems now have capabilities, but these amount to the same thing).



The kernel does not use passwords, so to implement passwords, an executable with root owner and set-uid bit set, is created. This executable will check the password, and then set the user appropriately, and start a shell (or something).



Supposing there is no use of capabilities, then find / -executable -type f -user root -perm -u+s -print 2>/dev/null will list all executables that elevate permission (at least temporarily), most (maybe all) will be useless.






share|improve this answer















Any command with set-uid, or set gid-bit, set. Will be run as the owning user or group. However if they are written properly, they will not let you do anything that you should not. sudo and su only allow you to do anything of significance if you provide the correct password. Most other tools will just do one thing safely, but not allow you to escalate privileges.



However if you can write to the storage, as root (by removing media, and inserting into another machine, or booting into a different OS), then you can add the files that you need, with the appropriate permission.



Executables with set-uid/set-gid bits, are the only way of escalating privilege in Unix systems (The modern systems now have capabilities, but these amount to the same thing).



The kernel does not use passwords, so to implement passwords, an executable with root owner and set-uid bit set, is created. This executable will check the password, and then set the user appropriately, and start a shell (or something).



Supposing there is no use of capabilities, then find / -executable -type f -user root -perm -u+s -print 2>/dev/null will list all executables that elevate permission (at least temporarily), most (maybe all) will be useless.







share|improve this answer















share|improve this answer



share|improve this answer








edited Jul 27 at 16:02


























answered Jul 27 at 15:44









ctrl-alt-delor

8,54031946




8,54031946











  • I have the root password. I just need a way to change to the root user.
    – Gnik
    Jul 27 at 15:46











  • I am pretty familiar with suid bits. I can assure you that there is no privilege escalation executables here. (I think there should not be any for security reason anyway) Searching for files with suid bit either returns files which I myself am the owner of (so no use) or lists the directories I do not have permissions to view.
    – Gnik
    Jul 27 at 16:09

















  • I have the root password. I just need a way to change to the root user.
    – Gnik
    Jul 27 at 15:46











  • I am pretty familiar with suid bits. I can assure you that there is no privilege escalation executables here. (I think there should not be any for security reason anyway) Searching for files with suid bit either returns files which I myself am the owner of (so no use) or lists the directories I do not have permissions to view.
    – Gnik
    Jul 27 at 16:09
















I have the root password. I just need a way to change to the root user.
– Gnik
Jul 27 at 15:46





I have the root password. I just need a way to change to the root user.
– Gnik
Jul 27 at 15:46













I am pretty familiar with suid bits. I can assure you that there is no privilege escalation executables here. (I think there should not be any for security reason anyway) Searching for files with suid bit either returns files which I myself am the owner of (so no use) or lists the directories I do not have permissions to view.
– Gnik
Jul 27 at 16:09





I am pretty familiar with suid bits. I can assure you that there is no privilege escalation executables here. (I think there should not be any for security reason anyway) Searching for files with suid bit either returns files which I myself am the owner of (so no use) or lists the directories I do not have permissions to view.
– Gnik
Jul 27 at 16:09













 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f458877%2fhow-to-run-command-as-a-different-user-when-there-are-no-sudo-or-su-commands%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?