LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 07-21-2008, 11:40 PM   #1
suvra82002
LQ Newbie
 
Registered: Jul 2008
Posts: 1

Rep: Reputation: 0
Shell script issue


Hi All,

Good morning....I need a help in writing one shell script....(RHEL5)

I will describe the scenario first..

I want to install jboss on various system on boot time install....

so my requirement is to write a script that will install jboss products as a root user only..If its any other user it should throw a error message and exit.....

The script is not supposed to take the username from the user himself. It is supposed to see which user it is running as (self). If any user other than root run this script it should give error and exit.......

Kindly any1 help me to do that....if any1 has written a script pls help me out.....

Regards
Suvra
 
Old 07-21-2008, 11:52 PM   #2
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
man id
man bash, search UID
 
Old 07-22-2008, 05:14 AM   #3
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: Mandriva, RHEL, Mageia, SuSE
Posts: 130

Rep: Reputation: 17
Code:
if [ "$LOGNAME" != "root" ]
then
  echo You are not root user!
  exit 1
fi

go on here...
 
Old 07-22-2008, 11:41 AM   #4
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
FYI: LOGNAME is not always a reliable test. Some users have root accounts that use different names, such as "toor", or "rot"; these convenience accounts are commonplace for many, and exist by default in some BSDs.

UID=0 will always be the correct test.
 
Old 07-22-2008, 11:46 AM   #5
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Mr. C. View Post
FYI: LOGNAME is not always a reliable test. Some users have root accounts that use different names, such as "toor", or "rot"; these convenience accounts are commonplace for many, and exist by default in some BSDs.

UID=0 will always be the correct test.
Correct...

I always use...

Code:
if [ $(id -u) -ne 0 ]; then
  echo "You are not root"
  exit 1
fi
One caveat is that if you are on Solaris you have yo make sure that you use /usr/xpg4/bin/id

-C
 
Old 07-22-2008, 11:45 PM   #6
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: Mandriva, RHEL, Mageia, SuSE
Posts: 130

Rep: Reputation: 17
Quote:
Originally Posted by Mr. C. View Post
FYI: LOGNAME is not always a reliable test.
...
UID=0 will always be the correct test.
Sure, You're right. It'll make the script stronger.
Just sometimes it's easier for beginners to understand with exact names instead of numbers.
 
Old 07-22-2008, 11:57 PM   #7
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Actually, I disagree with this. Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems. User names are simple, decorative candy above that.
 
Old 07-23-2008, 10:37 AM   #8
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Mr. C. View Post
Actually, I disagree with this. Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems. User names are simple, decorative candy above that.
I agree with your disagreement

-C
 
Old 07-23-2008, 02:32 PM   #9
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: Mandriva, RHEL, Mageia, SuSE
Posts: 130

Rep: Reputation: 17
Quote:
Originally Posted by Mr. C. View Post
Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems.
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.

Quote:
Originally Posted by Mr. C. View Post
User names are simple, decorative candy above that.
Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55?

Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.

Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.

And finally, even id could be substituted with mal-ware and return not so reliable values...
 
Old 07-23-2008, 02:55 PM   #10
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Vit77 View Post
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.


Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55?

Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.

Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.

And finally, even id could be substituted with mal-ware and return not so reliable values...
You're missing the point.

We are not memorizing UID's ... we are using the UID in the script so that it would be portable... in which case using the UID is preferable.

And if you are scared of malware/virus/root-kit then you should stop using computers...since it WILL happen to you one day...question is "when".

Mr. C. and i were just trying to give you "best practice"...don't take it personal...but if you ask around using UID is superior to login names...not that using login names is "wrong"...just that using UID is superior...

-C

Last edited by custangro; 07-23-2008 at 02:58 PM.
 
Old 07-23-2008, 02:58 PM   #11
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Quote:
Originally Posted by Vit77 View Post
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.
Who cares about 150 UIDs? Two concepts are necessary: 0 and non-zero.

Who said anything about attacks? I said "convenience accounts", and nothing about security via obfuscation techniques.

Quote:
Originally Posted by Vit77 View Post
Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55?
Of course not - the point isn't that one should not use names, it is that names DO NOT imply permission. The entire OS uses UID/GID/EUID/EGUID internally, not names.

My mail accounts are virtual, so that point is moot.
Quote:
Originally Posted by Vit77 View Post
Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.
Code that just sometimes works by design is bad code - period. Standard practice is to check UID. With almost +25 years of experience with *nix systems, I'm confident in my assessment. If you want to write code that we all can see *will* fail under certain circumstances, be my guest. I'll concede the battle that demonstrates anther's foolishness.

Quote:
Originally Posted by Vit77 View Post
Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.
Again, many seasoned admins create UID=0 accounts that are not named "root". This is not an uncommon practice. It is done AFTER the default system has been setup, and code should accommodate this.
Quote:
Originally Posted by Vit77 View Post
And finally, even id could be substituted with mal-ware and return not so reliable values...
Now this argument is just plain silly. So in that case could the shell (which provides your LOGNAME) and any other utility. You've switched into an entirely different ballpark with this one.
 
Old 07-23-2008, 02:59 PM   #12
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Mr. C. View Post
Code that just sometimes works by design is bad code
Good Point.

-C
 
Old 07-25-2008, 07:31 AM   #13
Vit77
Member
 
Registered: Jun 2008
Location: Toronto, Canada
Distribution: Mandriva, RHEL, Mageia, SuSE
Posts: 130

Rep: Reputation: 17
Quote:
Originally Posted by custangro View Post
And if you are scared of malware/virus/root-kit then you should stop using computers...since it WILL happen to you one day...question is "when".
I just said that changing root name hardly could protect the system from an attack. right?
Quote:
Originally Posted by custangro View Post
Mr. C. and i were just trying to give you "best practice"...don't take it personal...but if you ask around using UID is superior to login names...not that using login names is "wrong"...just that using UID is superior...
I'm taking it easy, don't worry.
UID=0 is used often, but I doubt about regular users. Mr. C. is more proper in that.
Look at the Oracle Guides, for instance:
Code:
if [ $USER = "oracle" ]; then
        if [ $SHELL = "/bin/ksh" ]; then
              ulimit -p 16384
              ulimit -n 65536
        else
              ulimit -u 16384 -n 65536
        fi
fi
Quote:
Originally Posted by Mr. C. View Post
Code that just sometimes works by design is bad code - period.
True. But not for this case.
This code works on standard systems. And renaming "root" is getting less common already AFAIK.

You've said about convenience accounts. Why is it more convenient than standard "root"? Or what else does it mean?

And thanks for your assertion about "anothers in the battle"...
 
Old 07-25-2008, 02:57 PM   #14
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
The oracle example requires usage of USER = oracle, because that is the name by which the system was installed. An installation cannot assume a UID/GID, but can default to certain username/groupnames for installation and runtime. This is the case where USER is the correct usage. The point to take note of is that *the most accurate* mechanism should be used. In the case of superuser privs, its UID=0, or for group wheel or root, its GID=0, and in the case of some software installation that uses specific username/groupnames, USER is correct.

Quote:
Originally Posted by Vit77
True. But not for this case.
This code works on standard systems. And renaming "root" is getting less common already AFAIK.
No, it doesn't. My NetBSD system BY DEFAULT comes with BOTH root and toor accounts, both with UID=0
Code:
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/bin/sh
If you look carefully, you will find there is utility there. This has nothing to do with renaming an account. This has been a practice for almost 25+ years.

Self-serving estimates of the state of the world are silly. "less common" and "not for this case" show your focus is not on portability and correctness, but rather sticking to your guns. Shoot on...

Last edited by Mr. C.; 07-25-2008 at 02:59 PM.
 
Old 07-25-2008, 04:50 PM   #15
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , Solaris 10, RHEL
Posts: 1,935
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Mr. C. View Post
The oracle example requires usage of USER = oracle, because that is the name by which the system was installed. An installation cannot assume a UID/GID, but can default to certain username/groupnames for installation and runtime. This is the case where USER is the correct usage. The point to take note of is that *the most accurate* mechanism should be used.
...And in the case of oracle I STILL wouldn't use the login name...I would do something similar to...

Code:
#!/bin/bash
#
oracleuser=oracle
oracleid=$(id -u oracle)
#
if [ $(id -u) -ne ${oracleid} ]; then
  echo "You are not the oracle user..."
  exit
fi
So if the oracle user EVER changes...for whatever reason..all you would have to change is the oracleuser= part in the script...this is also good for portability since I've run across installations of oracle where the user name was something weird like ora

My

Last edited by custangro; 07-25-2008 at 04:52 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Permission Issue With Shell Script and .Jar File timmit Slackware 3 06-02-2008 07:33 AM
Shell Script Exporting Issue trek413 Linux - Software 1 11-01-2006 04:18 PM
ftp'ing via shell script issue closet geek Programming 6 09-20-2006 09:11 AM
issue with shell script chupacabra Linux - General 3 10-18-2002 08:12 PM
Out of guesses! (shell Script issue) chris Linux - General 2 12-10-2001 04:20 PM


All times are GMT -5. The time now is 12:44 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration