2

Is there any way with which, using shell scripts, I can execute a program as another user, in a uniquely (randomly) named directory, where the user has rwx access to all the files in that directory, but cannot change anything outside it?

I.e., when a program is executed using this script in a folder, it can only access files inside the folder and cannot change any system settings or navigate outside this folder.

Akash

2 Answers

2

You could use `rbash` (or `bash -r`): it is a restricted version of bash that imposes some limitations on the user with respect to full bash. From the rbash man page:

It behaves identically to bash with the exception that the following are disallowed or not performed:

   o      changing directories with cd
   o      setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV
   o      specifying command names containing /
   o      specifying a file name containing a / as an argument to the . builtin command
   o      Specifying a filename containing a slash as an argument to the -p option to the hash builtin command
   o      importing function definitions from the shell environment at startup
   o      parsing the value of SHELLOPTS from the shell environment at startup
   o      redirecting output using the >, >|, <>, >&, &>, and >> redirection operators
   o      using the exec builtin command to replace the shell with another command
   o      adding or deleting builtin commands with the -f and -d options to the enable builtin command
   o      Using the enable builtin command to enable disabled shell builtins
   o      specifying the -p option to the command builtin command
   o      turning off restricted mode with set +r or set +o restricted.

To use rbash transparently, start your script with `#!/bin/rbash`.

Hope this helps.

enzotib
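A quick way to check which of the restrictions listed in the rbash answer actually apply, as an added example that is not part of the original answer. The `probe` helper and the probe snippets are constructed for illustration; it assumes `bash` is installed with restricted-shell support and that `ls` lives in `/usr/bin` or `/bin`.

```sh
#!/bin/sh
# Added example: probe what `bash -r` blocks and what it still allows.
# Helper name and probe snippets are constructed for this illustration.

BASH_BIN=$(command -v bash)   # resolved once, so a fixed PATH cannot hide it

# probe SNIPPET
# Runs SNIPPET under restricted bash inside a fresh, randomly named
# directory (mktemp -d creates it with mode 0700) and prints
# "denied" or "allowed" depending on the snippet's exit status.
probe() {
    _dir=$(mktemp -d) || return 2
    # PATH is set before restricted mode starts; inside the restricted
    # shell it is read-only and command names may not contain "/".
    if (cd "$_dir" && PATH=/usr/bin:/bin "$BASH_BIN" -r -c "$1") \
            >/dev/null 2>&1; then
        _res=allowed
    else
        _res=denied
    fi
    rm -rf "$_dir"
    echo "$_res"
}

# Shell-level actions from the man page list, then one external command.
for snippet in 'cd /' 'echo data > out.txt' '/bin/ls' 'PATH=/tmp' \
               'set +r' 'exec ls' 'ls /'; do
    printf '%-22s %s\n' "$snippet" "$(probe "$snippet")"
done
```

The last probe is allowed because restricted mode limits the shell itself, while programs found on `PATH` keep the file permissions of the user running them.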
0

Use:

sudo -u USERNAME

EDIT: To use this command without entering password, use:

echo PASSWORD | sudo -u USERNAME COMMAND

Replace PASSWORD with the password of USERNAME. Replace USERNAME with the username. Replace COMMAND with the command you want to execute.

For example:

echo password123 | sudo -u daniel cp ./file ./dir/filecopied

I hope this helped you, Daniel

omnidan
  • 1
    You'd better run `sudo visudo` to edit the `/etc/sudoers` file and add a NOPASSWD for the command instead of writing the password in the script. – Lekensteyn Apr 10 '11 at 11:41
  • @Lekensteyn Make it a separate answer. – Adam Byrtek Apr 10 '11 at 22:09
  • @Adam Byrtek: the question needs additional details. In the current form, the answer would be "no, it is not possible". For usage instructions on NOPASSWD and visudo, see [this question with instructions on running mount as root without a password](http://askubuntu.com/q/19611/6969). Note that the script will be run as root. – Lekensteyn Apr 11 '11 at 12:58
  • On a side note: by default, sudo does not read the password from stdin; it reads it directly from the terminal, so `echo PASSWORD | sudo -u USERNAME COMMAND` will not work. Just run the script as root. With the default sudoers, root can run commands as any user without requiring a password. – geirha Apr 17 '11 at 09:10