Howto run interactive commands, as another user

sudo su - << 'EOF'
# do stuff...
EOF

This works, but with a limitation: the script is passed to the shell on its standard input, so you don't get to use the standard input for something else such as reading the name of the user to create.

The simple way of retaining standard input is to pass the shell command as an argument instead.

Note that sudo su is redundant — sudo runs the specified command as root, and that's the sole purpose of su as well. Use sudo -i instead of sudo su - if you want to run a login shell as root — which is probably unnecessary here — or sudo sh to just run a shell as root.

sudo sh -c '
  # do stuff...
'

This makes it awkward to use a single quote in the shell snippet. You can use '\'' to put a single quote inside the single-quoted literal. If you want to retain the here document structure, there are several ways. The most straightforward is to pass the here document on a different descriptor. However this requires the closefrom_override option to be activated in the sudo configuration, which is not the case by default; by default, sudo closes all file descriptors other than stdin, stdout and stderr.

sudo -C 3 sh -c '. /dev/fd/3' 3<<'EOF'
# do stuff...
EOF

If you want your code to be portable to machines where this option isn't activated, you can read the script from a heredoc and pass it to the shell as an argument.

script=$(cat <<'EOF'
# do stuff...
EOF
)
sudo sh -c "$script"

Alternatively, if you want the sudoed script to be able to read from the terminal, you can pass the script body on standard input. A limitation of this approach is that it doesn't allow the input of the overall script to be redirected.

sudo sh <<'EOF'
exec </dev/tty
# do stuff...
EOF