LinuxQuestions.org
Old 02-25-2013, 06:41 PM   #1
newbc
How to script a switch user operation


What I'm looking for: how to create a script that will execute su, provide a password, and let me stay in that new shell.

What I've found on Google: lots and lots about how to execute an operation, but nothing on how to stay in the shell.

What I've got so far which does work, but immediately logs me out of the new shell (this may not even be the right approach, please tell me if it's not):

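**********************
#!/usr/bin/expect
# Placeholders for the target account and its password
set user "<username>"
set pass "<password>"

# Start a login shell as the target user
spawn su - $user
# Answer the password prompt, then keep waiting for more output
expect {
    "Password:" {send "$pass\r"; exp_continue}
}
**********************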

Security concerns: This file lives in a secured directory so no other users (except the sysadmin obviously) can view the file.

Situation: I have to work with over 100 boxes, and I can't use my account to perform operations with the applications we have living on them - hence the su. We are suddenly no longer able to log in directly to the application account, our passwords are ridiculously long, and this is going to add a lot of unnecessary typing to my and my team's day if I can't get this script to work, so I look forward to your suggestions here!
 
Old 02-25-2013, 06:46 PM   #2
Kustom42
I had a similar situation and what I did was create a user "sshadmin" and set up ssh-key auth to the systems and then add them to the sudoers with nopassword. This sshadmin user was locked down to a jumpbox only my sys admin team had access to. So we would authenticate to the jumpbox, then I wrote a simple script called "sshadmin" that would initiate an SSH connection to whatever hostname was provided as an argument. It logged all the ssh sessions under an appendable only directory for logging/audit purposes so users on the jumpbox couldn't remove the log files, and they didn't have root so they couldn't chattr.

It worked well and since we had sshadmin user in the sudoers file with nopasswd we would just ssh to a box and sudo su -.


This is kind of an alternate solution to what you are looking to do, just some food for thought. If you want to go down this road I can send you some of the script info via a PM just let me know.
 
Old 02-25-2013, 07:05 PM   #3
newbc
Hmm, it looks like that is an option and if I get no bites on the other solution then this may be the way to go, but let me share why I'm still hoping for the other solution. It's really an issue of sheer efficiency. The goal is to have the fewest obstacles between me and getting to my work as possible. Here's what's going through my mind (sorry if this doesn't format right):

1) script option

log in to box
./login.sh

2) your log in option

log in to box
ssh <newbox>
su - <account>
# also: I can do the script myself, and this solution gets impacted if this one host goes offline for any reason

So there are more steps involved in the login option, but only 1 so it's not really unacceptable; however, there are a couple of other issues here. The biggest one is that I can do the script approach myself without having to deal with waiting for the sysadmin to find time to get to the other solution and then having to deal with him being cranky about me giving him more work. Given the number of boxes I'm working with, this sounds like it might turn into a lot of work for him. Also, there is the issue that now I'm pinned to that box and if it goes down for some reason (not common, but has happened - think networked storage that's not configured correctly etc.) I'm now back to typing everything in for a while. So this is a great start, but I'm really hoping for a script solution - if that's even possible? If not I'll likely be sending you a PM, haha.
 
Old 02-26-2013, 12:35 PM   #4
newbc
Looks like the answer was to replace "exp_continue" with "interact". Thanks for all your help!
 
1 members found this post helpful.
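
The fix from post #4 worked through as a complete script. This is an added example, not code from the thread: the command-line arguments, the separate password file and its permission check are assumptions made for illustration.

```expect
#!/usr/bin/expect -f
# Added example: su to an account, answer the password prompt, then stay
# in the new shell. Hypothetical usage: ./login.exp <account> <password-file>
if {[llength $argv] != 2} {
    send_user "usage: $argv0 <account> <password-file>\n"
    exit 2
}
lassign $argv user pwfile

# Refuse a password file that group or others can access.
# 63 decimal is octal 077, the group and other permission bits.
file stat $pwfile st
if {$st(mode) & 63} {
    send_user "$pwfile: permissions too open, expected 0600 or stricter\n"
    exit 1
}

# The first line of the file is taken as the password.
set fh [open $pwfile r]
gets $fh pass
close $fh

set timeout 15
log_user 0                      ;# do not echo the prompt exchange
spawn su - $user
expect {
    -re {[Pp]assword: ?$} { send -- "$pass\r" }
    timeout { send_user "no password prompt within $timeout s\n"; exit 1 }
    eof     { send_user "su exited before prompting\n"; exit 1 }
}
unset pass
log_user 1

# exp_continue would re-enter the expect block above; once su produces
# nothing else to match, the script ends and the spawned shell goes with it.
# interact instead connects the keyboard and screen to the spawned shell
# and returns only when that shell exits.
interact
```

If the password is wrong, su prints its own error and exits, and `interact` returns as soon as the spawned process is gone.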
  

