Old 05-22-2008, 02:32 AM   #1
cool_anupam
LQ Newbie
 
Registered: May 2008
Posts: 2

How to switch user via shell script


Hi All,

I am new to this community. I saw some threads similar to my problem, but I am posting a new thread because my problem is a bit different.

I am writing a shell script to be run on RHEL4 on the bash shell. This script has to be run as a user other than 'root' and execute some commands.

One of the commands it uses requires root privileges. Now, I do not want to change the /etc/sudoers file or change the script permissions for that. The best way out is to temporarily switch to root user from the script, run the command, get the output and come back to the non-root user. I tried using 'sudo' and 'su' with some combination of options but the problem remains when the shell prompts for password. If I supply the password manually it does execute the command, but I want to give the password through the shell script which I am unable to do.

Can anyone give me a solution to this?
 
Old 05-22-2008, 06:25 PM   #2
cjcox
Member
 
Registered: Jun 2004
Posts: 305

sudoers (sudo) is arguably a good answer. It can be configured to execute a particular command as any user (including root) and even configured for just a particular command to be executed without a password even. About the only reason why you wouldn't do this is if you weren't assured of an sudo environment.

What you are attempting to do is a BAD answer... but nevertheless...

You can do this kind of interaction using an expect script. But again, what you are asking for is wrong. Look into expect if you are SURE you want to do this (exposes the root password doing it your way).

Oh.. there is another way, and that is to use SSH and keys... openssh can be configured to execute a particular command. There are probably some other ways as well.. all BAD... but certainly doable.

You'll need to provide me with more detail of what you are trying to do in order to convince me that what you are doing isn't BAD.
 
Old 05-22-2008, 08:14 PM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,280

cjcox is correct, this is exactly the sort of situation sudo was created for. Do NOT put the root passwd in a script (or any file). You WILL regret it.
 
Old 05-27-2008, 04:46 AM   #4
cool_anupam
LQ Newbie
 
Registered: May 2008
Posts: 2

Original Poster
cjcox, I agree that it is a bad idea to put root password in a script. But, I am not hardcoding the password, it will come from the application which internally calls the shell script and the script may use it to do its work.

Actually, the script will be run as a non-root user, as I already specified, but I need to use the 'pvs' or 'pvdisplay' command which is a part of lvm2 package in RHEL4. This package and all its sub commands require root permission to run.

I am open to any other suggestion of executing this command and getting the output, through the script, running in normal user mode. When you attempt this in normal user mode, the output says:

Unable to open /etc/lvm/.cache: Permission denied

Is there any other way out...
 
Old 05-27-2008, 06:41 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,367
Blog Entries: 54

The fact Sudo was presented twice as a solution should be your cue to just use it.
 
Old 05-29-2008, 01:32 AM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,280

And where does the app get the root passwd ???? It's the same problem over.....
 
Old 05-29-2008, 08:56 PM   #7
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,378

Gentleperson... think about it!

You have a need to write a script or to run a command "with elevated privileges." In other words, you need to allow an ordinary user to do something that requires extraordinary privileges. This is actually a fairly every-day occurrence... so, how might you accomplish such a task?
  • First of all, we can eliminate the possibility of anyone ever writing any sort of script that could "just do that," because if that were the case then obviously we have no security at all...
  • Therefore, we either need to be able to confer extraordinary privileges upon a particular "magical program," or we need to be able to run an "ordinary" program in a "magical" way.
Both capabilities exist. The latter is called sudo, and this is what you need to investigate.

Your requirement is not new. It's been around since the 1970's... Trust me on that.
 
Old 05-29-2008, 10:01 PM   #8
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,040

Quote:
Originally Posted by cool_anupam
cjcox, I agree that it is a bad idea to put root password in a script. But, I am not hardcoding the password, it will come from the application which internally calls the shell script and the script may use it to do its work.
And this gives you absolutely no additional security. For example, let's think you have a "somecommand" which will feed our script with the password. Anyone with access to the script will be able to cat or edit it, see your "somecommand", and run it to get the password generated.

And, anyway, if you do something like this

Code:
#!/bin/bash
su << EOF
password
EOF
Besides the password being visible, you will get a rejection from su, which will refuse to run because it can only be run from an interactive shell:

Code:
$ LC_ALL=C su << EOF
> password
> EOF
su: must be run from a terminal
You have already been told the options you have, and the only viable one is sudo, like it or not. Other than that, maybe if you describe *what* exactly you need, maybe we can suggest an alternative workaround without using root privileges (I doubt it, but we could try).
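
The sudo approach recommended throughout this thread, as an added example that is not code from any of the posters: a script run by the non-root user that calls `pvs` through a single passwordless sudoers rule and parses the result. The account name `appuser`, the path `/usr/sbin/pvs`, the function name `pv_report` and the availability of sudo's `-n` option on the installed version are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed sudoers rule, installed by
# root with visudo; "appuser" is a placeholder account and /usr/sbin/pvs an
# assumed path (check the real one as root with "which pvs"):
#
#   appuser ALL=(root) NOPASSWD: /usr/sbin/pvs
#
# Only this one binary is allowed, and no root password is stored or
# passed anywhere, neither in the script nor in the calling application.

PVS=/usr/sbin/pvs   # must match the path in the sudoers rule exactly

# Print one "pv_name vg_name pv_size pv_free" line per physical volume.
# Returns 0 on success, 1 if sudo refuses or pvs fails.
pv_report() {
    # -n: never prompt; fail at once instead of hanging on a password
    # prompt when the rule is missing (assumes this sudo supports -n).
    out=$(sudo -n "$PVS" --noheadings --separator '|' \
              -o pv_name,vg_name,pv_size,pv_free) || {
        echo "pv_report: sudo -n $PVS failed (is the sudoers rule installed?)" >&2
        return 1
    }
    # pvs indents each row; strip that, and show "-" for a PV that is
    # not yet assigned to a volume group (empty second field).
    printf '%s\n' "$out" | awk -F'|' 'NF >= 4 {
        gsub(/^[ \t]+/, "", $1)
        if ($2 == "") $2 = "-"
        print $1, $2, $3, $4
    }'
}

pv_report || echo "no report available" >&2
```

Because the rule names the command without arguments, `appuser` may run `pvs` with any options as root; that is acceptable only because `pvs` is a reporting command, and a rule for a command that changes state should pin its arguments as well.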
 
  

