LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Enterprise (http://www.linuxquestions.org/questions/linux-enterprise-47/)
-   -   Shell script issue (http://www.linuxquestions.org/questions/linux-enterprise-47/shell-script-issue-657331/)

suvra82002 07-21-2008 11:40 PM

Shell script issue
 
Hi All,

Good morning....I need a help in writing one shell script....(RHEL5)

I will describe the scenario first..

I want to install jboss on various system on boot time install....

so my requirement is to write a script that will install jboss products as a root user only..If its any other user it should throw a error message and exit.....

The script is not supposed to take the username from the user himself. It is supposed to see which user it is running as (self). If any user other than root run this script it should give error and exit.......

Kindly any1 help me to do that....if any1 has written a script pls help me out.....

Regards
Suvra

Mr. C. 07-21-2008 11:52 PM

man id
man bash, search UID

Vit77 07-22-2008 05:14 AM

Code:

if [ "$LOGNAME" != "root" ]
then
  echo You are not root user!
  exit 1
fi

go on here...


Mr. C. 07-22-2008 11:41 AM

FYI: LOGNAME is not always a reliable test. Some users have root accounts that use different names, such as "toor", or "rot"; these convenience accounts are commonplace for many, and exist by default in some BSDs.

UID=0 will always be the correct test.

custangro 07-22-2008 11:46 AM

Quote:

Originally Posted by Mr. C. (Post 3222769)
FYI: LOGNAME is not always a reliable test. Some users have root accounts that use different names, such as "toor", or "rot"; these convenience accounts are commonplace for many, and exist by default in some BSDs.

UID=0 will always be the correct test.

Correct...

I always use...

Code:

if [ $(id -u) -ne 0 ]; then
  echo "You are not root"
  exit 1
fi

One caveat is that if you are on Solaris you have yo make sure that you use /usr/xpg4/bin/id

-C

Vit77 07-22-2008 11:45 PM

Quote:

Originally Posted by Mr. C. (Post 3222769)
FYI: LOGNAME is not always a reliable test.
...
UID=0 will always be the correct test.

Sure, You're right. It'll make the script stronger.
Just sometimes it's easier for beginners to understand with exact names instead of numbers.

Mr. C. 07-22-2008 11:57 PM

Actually, I disagree with this. Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems. User names are simple, decorative candy above that.

custangro 07-23-2008 10:37 AM

Quote:

Originally Posted by Mr. C. (Post 3223339)
Actually, I disagree with this. Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems. User names are simple, decorative candy above that.

I agree with your disagreement :D

-C

Vit77 07-23-2008 02:32 PM

Quote:

Originally Posted by Mr. C. (Post 3223339)
Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems.

I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.

Quote:

Originally Posted by Mr. C. (Post 3223339)
User names are simple, decorative candy above that.

Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55? :)

Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.

Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.

And finally, even id could be substituted with mal-ware and return not so reliable values...

custangro 07-23-2008 02:55 PM

Quote:

Originally Posted by Vit77 (Post 3224079)
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.


Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55? :)

Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.

Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.

And finally, even id could be substituted with mal-ware and return not so reliable values...

You're missing the point.

We are not memorizing UID's ... we are using the UID in the script so that it would be portable... in which case using the UID is preferable.

And if you are scared of malware/virus/root-kit then you should stop using computers...since it WILL happen to you one day...question is "when".

Mr. C. and i were just trying to give you "best practice"...don't take it personal...but if you ask around using UID is superior to login names...not that using login names is "wrong"...just that using UID is superior...

-C

Mr. C. 07-23-2008 02:58 PM

Quote:

Originally Posted by Vit77 (Post 3224079)
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.

Who cares about 150 UIDs? Two concepts are necessary: 0 and non-zero.

Who said anything about attacks? I said "convenience accounts", and nothing about security via obfuscation techniques.

Quote:

Originally Posted by Vit77 (Post 3224079)
Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55? :)

Of course not - the point isn't that one should not use names, it is that names DO NOT imply permission. The entire OS uses UID/GID/EUID/EGUID internally, not names.

My mail accounts are virtual, so that point is moot.
Quote:

Originally Posted by Vit77 (Post 3224079)
Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.

Code that just sometimes works by design is bad code - period. Standard practice is to check UID. With almost +25 years of experience with *nix systems, I'm confident in my assessment. If you want to write code that we all can see *will* fail under certain circumstances, be my guest. I'll concede the battle that demonstrates anther's foolishness.

Quote:

Originally Posted by Vit77 (Post 3224079)
Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.

Again, many seasoned admins create UID=0 accounts that are not named "root". This is not an uncommon practice. It is done AFTER the default system has been setup, and code should accommodate this.
Quote:

Originally Posted by Vit77 (Post 3224079)
And finally, even id could be substituted with mal-ware and return not so reliable values...

Now this argument is just plain silly. So in that case could the shell (which provides your LOGNAME) and any other utility. You've switched into an entirely different ballpark with this one.

custangro 07-23-2008 02:59 PM

Quote:

Originally Posted by Mr. C. (Post 3224104)
Code that just sometimes works by design is bad code

Good Point.

-C

Vit77 07-25-2008 07:31 AM

Quote:

Originally Posted by custangro (Post 3224100)
And if you are scared of malware/virus/root-kit then you should stop using computers...since it WILL happen to you one day...question is "when".

I just said that changing root name hardly could protect the system from an attack. right?
Quote:

Originally Posted by custangro (Post 3224100)
Mr. C. and i were just trying to give you "best practice"...don't take it personal...but if you ask around using UID is superior to login names...not that using login names is "wrong"...just that using UID is superior...

I'm taking it easy, don't worry.
UID=0 is used often, but I doubt about regular users. Mr. C. is more proper in that.
Look at the Oracle Guides, for instance:
Code:

if [ $USER = "oracle" ]; then
        if [ $SHELL = "/bin/ksh" ]; then
              ulimit -p 16384
              ulimit -n 65536
        else
              ulimit -u 16384 -n 65536
        fi
fi

Quote:

Originally Posted by Mr. C. (Post 3224104)
Code that just sometimes works by design is bad code - period.

True. But not for this case.
This code works on standard systems. And renaming "root" is getting less common already AFAIK.

You've said about convenience accounts. Why is it more convenient than standard "root"? Or what else does it mean?

And thanks for your assertion about "anothers in the battle"...

Mr. C. 07-25-2008 02:57 PM

The oracle example requires usage of USER = oracle, because that is the name by which the system was installed. An installation cannot assume a UID/GID, but can default to certain username/groupnames for installation and runtime. This is the case where USER is the correct usage. The point to take note of is that *the most accurate* mechanism should be used. In the case of superuser privs, its UID=0, or for group wheel or root, its GID=0, and in the case of some software installation that uses specific username/groupnames, USER is correct.

Quote:

Originally Posted by Vit77
True. But not for this case.
This code works on standard systems. And renaming "root" is getting less common already AFAIK.

No, it doesn't. My NetBSD system BY DEFAULT comes with BOTH root and toor accounts, both with UID=0
Code:

root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/bin/sh

If you look carefully, you will find there is utility there. This has nothing to do with renaming an account. This has been a practice for almost 25+ years.

Self-serving estimates of the state of the world are silly. "less common" and "not for this case" show your focus is not on portability and correctness, but rather sticking to your guns. Shoot on...

custangro 07-25-2008 04:50 PM

Quote:

Originally Posted by Mr. C. (Post 3226373)
The oracle example requires usage of USER = oracle, because that is the name by which the system was installed. An installation cannot assume a UID/GID, but can default to certain username/groupnames for installation and runtime. This is the case where USER is the correct usage. The point to take note of is that *the most accurate* mechanism should be used.

...And in the case of oracle I STILL wouldn't use the login name...I would do something similar to...

Code:

#!/bin/bash
#
oracleuser=oracle
oracleid=$(id -u oracle)
#
if [ $(id -u) -ne ${oracleid} ]; then
  echo "You are not the oracle user..."
  exit
fi

So if the oracle user EVER changes...for whatever reason..all you would have to change is the oracleuser= part in the script...this is also good for portability since I've run across installations of oracle where the user name was something weird like ora

My :twocents:


All times are GMT -5. The time now is 07:22 AM.