LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices

Reply
 
Search this Thread
Old 11-15-2010, 02:10 AM   #1
mervclel
LQ Newbie
 
Registered: Jun 2010
Posts: 9
Blog Entries: 1

Rep: Reputation: 0
script needs su commands but is run by user


My system is as follows:-
System = SunOS
Node = pinn810-1
Release = 5.10
KernelID = Generic_118855-36
Machine = i86pc

I need to write a script that runs as a cron job but runs commands that require su privilages. OR that any (non su) user logging on can open a terminal shell and run the script. The script changing privilages on the fly to do the task. EG: If I have files ending with a certain extension in the login home directory, I would like any user logging on, to run a script that would delete the files. The script would have to be executable by the user but have 'su' rights to delete the files. I know I can use the chmod command to set file privilages but I believe the script needs to change ownership to a 'su', do the job, then change back again to the user.
Thanks and regards

Last edited by mervclel; 11-15-2010 at 02:12 AM.
 
Old 11-15-2010, 11:51 AM   #2
avarus
Member
 
Registered: Apr 2004
Location: Oxford, UK
Distribution: Ubuntu, Debian, various
Posts: 230
Blog Entries: 5

Rep: Reputation: 32
Hi,

In general, if you have a setup where files are being left in a user's home directory with permissions such that the user is unable to delete them, the problem is with the files being created with the wrong permissions in the first place. However, if you want to just work around the problem as you described then what you want, I believe, is "sudo". (http://www.gratisoft.us/sudo/)

Sudo is a standard part of Linux distros nowadays but also supported on Solaris,SunOS etc. It gives you very fine control over who can run privileged processes, what they can run and if they are authenticated by password. The sudo documentation should explain the setup better than I can, so I won't go into that here.

Hope that helps.

TIM
 
Old 11-15-2010, 12:02 PM   #3
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
It doesn't matter what the permissions are on files in a user's home directory. If the user owns his home directory, and is able to write to the directory, he is able to delete ANY files in it no matter who owns them.

Try this:

Code:
% ls -la asdf.txt
ls: cannot access asdf.txt: No such file or directory
% sudo touch asdf.txt
% ls -la asdf.txt
-rw-r--r--. 1 root root 0 Nov 15 13:01 asdf.txt
% rm asdf.txt 
rm: remove write-protected regular empty file `asdf.txt'? y
% ls -la asdf.txt
ls: cannot access asdf.txt: No such file or directory
%
HTH

Forrest
 
Old 11-15-2010, 10:14 PM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Servers: Debian Squeeze and Wheezy. Desktop: Slackware64 14.0. Netbook: Slackware 13.37
Posts: 8,551
Blog Entries: 28

Rep: Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176Reputation: 1176
Quote:
Originally Posted by mervclel View Post
I would like any user logging on, to run a script that would delete the files. The script would have to be executable by the user but have 'su' rights to delete the files. I know I can use the chmod command to set file privilages but I believe the script needs to change ownership to a 'su', do the job, then change back again to the user.
Sounds messy and scary. Are these files readable by the ordinary user? If so they could make a copy of them, remove the original and do whatever they want with the copy. An alternative approach would be for a script run by root's cron to look for these files and change owner, group and permissions as required. The best solution would be to stop these files being created ... ?

Last edited by catkin; 11-15-2010 at 10:14 PM. Reason: Tidying
 
Old 11-24-2010, 09:18 PM   #5
mervclel
LQ Newbie
 
Registered: Jun 2010
Posts: 9
Blog Entries: 1

Original Poster
Rep: Reputation: 0
Thanks for your replies. You are right about the owner being able to delete the files. The tar files are generated when the user restores archived data from an ext RAID. The application running then converts the file into useful info for analysis. The issue has been that these files never get deleted and this has on occasion pushed the home folder to 100%. major issues. I did some further testing yesterday and think I have it beaten. My issue has been that I haven't been putting the full path in a rm command within a cron job script. I did this manually and it worked. So my cron job will run monday night. So I will check on Tuesday morning. Hope this will be the end of it.
 
  


Reply

Tags
permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Execute script on local server as normal user to run commands on remote server ALInux Linux - Software 1 01-01-2010 06:30 AM
Shell Script - Change user & run multiple commands ijf99 Linux - Newbie 1 01-26-2009 06:15 AM
some commands cant run under normal user mocqueanh Linux - Newbie 1 01-11-2008 08:28 PM
Write a script to run several commands ??? wahaha Linux - Software 1 04-13-2007 08:20 PM
run 2 commands in a script ddpicard Linux - General 10 06-13-2003 04:50 PM


All times are GMT -5. The time now is 09:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration