Executing scripts over ssh (and sudo su)
Good morning,
I've been googling about this for a long while but I failed to find how to achieve it (if possible...). I need to run a script on a Unix server from a Linux machine:
myuser -> my user to connect to the server.
unixserver -> the server where the script is going to run.
The problem is that I have to run this script with a generic system user (which we are going to call: sysuser). I've tried the following:
Code:
ssh -t myuser@unixserver "sudo su - sysuser && whoami"
But this, obviously, logs you in to the server, then in as sysuser, and when you exit the sysuser session it will launch the 'whoami' command...
I have to sudo su sysuser, and it is not possible for me to execute the script from myuser nor to change this infrastructure. I don't have the sysuser password so I can't just su - sysuser. I've also tried:
Code:
ssh -t myuser@unixserver "sudo su - sysuser --command=whoami"
but I've received the error:
Sorry, user myuser is not allowed to execute '/usr/bin/su - sysuser --command=whoami' as root on unixserver.
The same for:
Code:
ssh -t myuser@unixserver "sudo -u sysuser whoami"
I will appreciate your help, and sorry for my awful English. Thanks!
I'd say "sudo <user> <command>" is the better form to use, but as you can only use su... I'd suggest it is probably the case that the visudos file has been set up to only allow sudo su. Do you have control of the end server or not?
In that case I would try to construct a shell script to do the job (as root) on unixserver and execute it from your host.
The program su is probably the wrong way to go about things. What are you trying to solve? Do you need to run lots of different programs as sysuser, or just one or two?
About using sudo, the user myuser needs permission in sudoers to run things as the user sysuser. But rather than editing /etc/sudoers directly, you might consider adding a file under /etc/sudoers.d/ and making your additions there. See the manual page for sudoers for details.
Code:
man 5 sudoers
Thanks to everyone... that was quick! :D
OK, as I've said, I can't make modifications to the system; I only have permission to execute /usr/bin/su to sysuser from myuser, and I have no root access. I mean, the only thing I can do when I connect to this server is: sudo su - sysuser ./sysscript
What I want to do is to write a script that I will execute on my Linux laptop so I can execute this 'sysscript' on many servers without logging in manually on each one.
There might be several possibilities, but you'll first need to confirm what you really are allowed to run on the remote machine.
Code:
ssh -t myuser@unixserver "sudo -l"
I think I know the issue, the visudo file has an explicit usage of su which is broken the moment you add the --command alias on it.
To be fair, at the moment you have granted a user "sudo su", then you might as well grant all in sudo because a user with sudo su can simply edit the sudoers file to give themselves that anyway.
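The argument matching discussed in the posts above, as an added example that is not part of the original thread: a simplified shell model of the sudoers(5) rule that a Cmnd listed with arguments only matches a request with exactly those arguments. The rule `/usr/bin/su - sysuser` is an assumption inferred from the error message quoted earlier (the real sudoers entry is not shown on the page), `rule_allows` is a hypothetical helper, and wildcards are not modelled.

```shell
#!/bin/sh
# Simplified model of sudoers(5) Cmnd matching (no wildcards, no Runas checks).
# rule_allows RULE REQUEST -> exit status 0 if RULE permits REQUEST.
rule_allows() {
    rule=$1; req=$2
    # The fully qualified command paths must be identical.
    [ "${rule%% *}" = "${req%% *}" ] || return 1
    # Everything after the first space is the argument string (may be empty).
    case $req in *" "*) req_args=${req#* } ;; *) req_args= ;; esac
    case $rule in
        *" "*) rule_args=${rule#* } ;;
        *)     return 0 ;;   # rule lists no arguments: any arguments accepted
    esac
    if [ "$rule_args" = '""' ]; then
        [ -z "$req_args" ]                 # "" in the rule: no arguments allowed
    else
        [ "$rule_args" = "$req_args" ]     # otherwise arguments must match exactly
    fi
}

# Assumed sudoers entry (constructed for this example, not taken from the server).
RULE='/usr/bin/su - sysuser'

# Command lines as sudo sees them for the attempts made in this thread.
for req in \
    '/usr/bin/su - sysuser' \
    '/usr/bin/su - sysuser --command=whoami' \
    '/usr/bin/su -l sysuser --command=./sysscript'
do
    if rule_allows "$RULE" "$req"; then verdict=allowed; else verdict=denied; fi
    printf '%-8s %s\n' "$verdict" "$req"
done
```

Comparing the lines reported by `sudo -l` on the server against the exact command being attempted shows which of these cases applies; a rule that lists `/usr/bin/su` with no arguments at all would accept every request above.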
Ok. Then maybe it has to be formulated like this:
Code:
ssh -t myuser@unixserver "sudo su -l sysuser --command=./sysscript"
Thanks to everyone... I guess I'll have to do a lot of redundant work :(
If you have a system with lots of servers in it where you have to repeat processes like this, then maybe it'd be best to suggest moving it to some form of central control such as puppet, chef or salt. That is, to whoever is in charge.