NOTE: This page was created to generalize the technique of impersonating a system account that has no defined shell, and no known password. Specifically, it was documented as a means to add functionality to a Jenkins build server (where the jenkins account has a disabled shell).
### Solution If you come across a software package on a Linux host that runs with a system account (one without a known password or defined shell), here are ways to do things as a system account user. The above check in /etc/passwd will indicate what shell is defined for the Jenkins user. Normally, it will be set to: /bin/false. This means that the user's shell is disabled. Obviously the above screenshot indicates the jenkins shell is: /bin/bash. But, this was set as a permanent fix, that could have been a drastic solution, and not totally necessary, since we've learned since then. Here are a couple of things we can do, when we must install things for the jenkins user (that will execute them). ##### 1. Temporarily switch to Another User (if it has no defined shell). If the login shell is /bin/false or /user/sbin/nologin, you won't be able to use `su jenkins` directly. Instead, you can run either of these: ```bash sudo -u jenkins -s --shell /bin/bash ``` Or: ```bash sudo -u jenkins bash ``` This gives you a shell as `jenkins`. ##### 2. Permanent Change (If You Want to Allow Logins) If you want to enable login for the `jenkins` user, you can change its shell to `/bin/bash`: ``` sudo usermod -s /bin/bash jenkins ``` Now, you can switch users normally with: `sudo su jenkins` Or (if running as root): `su - jenkins` ##### 3. Running a Specific Command as the Jenkins User If you only need to run a single command as `jenkins`, you can use: ```bash sudo su jenkins