This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Is it possible to switch(su) IAM user when the VM instance enable OS Login?

Posted on 10-21-2021 05:16 PM
rai_kyou
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hello,

I started a VM instance with Debian, and I noticed OS Login can manage SSH access using IAM.

There are two employees in the organization whose accounts are user_a@example.com and user_b@example.com .

When use the following command to connect the instance, 

 

gcloud compute ssh instance_name

 

 and show like this,

 

user_a_example_com@instance:~$
user_b_example_com@instance:~$

 

 When trying to switch another user, I am asked to enter a password.

I checked /etc/passwd and found that user_a and user_b not exist.

Can someone please explain in detail the password management for IAM users.

Solved Solved
0 6 3,032
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
glen_yu
Google Developer Expert
Google Developer Expert
In response to rai_kyou
Reply posted on --/--/---- --:-- AM

As I mentioned, I would try it when the user has the OSLoginAdmin role as that role has sudo access.  If you can't sudo -i to root and then su - user_b_example_com then you should be safe. 

 

The users won't have a password so there should be no way that I can see that you'd be able to make that switch.  And if those users only have OSLogin, then you wouldn't be able to even sudo  

 

Can you even do a finger or id on the other user?

View solution in original post

Jump to Solution
0 Likes
6 REPLIES 6
Top Labels in this Space
Top Solution Authors
View all