How to Run Commands as Non‑Login Users with su – No Shell Required

The su command normally switches to another user and starts that user’s login shell, but it can also run a single command as a user whose account is disabled for login (e.g., shell set to /sbin/nologin or /bin/false).

Understanding non‑login users

Non‑login users are created for security reasons; they cannot log in interactively because their login shell is set to /sbin/nologin or /bin/false.

Running a single command with su

Use the -s option to specify an alternative shell (commonly /bin/bash) and the -c option to pass the command to execute. The general syntax is:

su -s /bin/bash <username> -c '<command>'

Example

Suppose you need to run script.sh as the apache user, whose shell is /sbin/nologin: su -s /bin/bash apache -c '/path/to/script.sh' This runs the script with the privileges of the apache user.

Security tips

When using su to act as a non‑login user, ensure the command does not expose sensitive data or unintentionally modify system settings; always follow the principle of least privilege.

Administrator usage

Only users with appropriate privileges (typically root) can invoke su to switch to a non‑login account, preventing abuse of elevated rights.

Conclusion

Using su -s /bin/bash lets administrators execute tasks as any user, even those configured as non‑login, without altering the user’s original shell. This provides flexibility while requiring careful security considerations.