Old 06-19-2012, 07:34 PM   #1
Sniperm4n
Passwordless su in a Bash Script?


I've run into a dilemma while migrating a Hadoop installation from Oracle Enterprise Linux to Ubuntu. The prior developer put the following command into rc.local within OEL:

su reporter -c "cd /path/to/directorywithscript && bash runwebserver.sh >> /dev/null 2>&1&"

I need the above webserver to automatically start (and stop) in Ubuntu as the specified reporter user (the automation stuff is MUCH less important than getting this script to properly run as the reporter user, but is a "nice to have" feature). This process needs to start last, as I still need to configure a couple of other Hadoop-related scripts to automatically start before this one (the webserver resides in the Hadoop filesystem, which doesn't get mounted until after you're in the OS). Every time I issue the su command I get asked for a password. This occurs regardless of which user is currently "active" and wasn't a problem in OEL since the Root user is actually used. Here is my current attempt at a /etc/sudoers file, but it's still not working (I'm unsure if the changes I made at the bottom are correct):

Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification

# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# User privilege specification
root    ALL=(ALL) ALL
user3 ALL=(ALL)NOPASSWD:/bin/su
user2 ALL=(ALL)NOPASSWD:/bin/su
user1 ALL=(ALL)NOPASSWD:/bin/su
reporter ALL=(ALL)NOPASSWD:/bin/su

This is a duplicate of a thread I posted over at UbuntuForums.org (http://ubuntuforums.org/showthread.p...1#post12040341), but I'm getting desperate for an answer =P. Please note that my Linux knowledge is still weak (I knew almost no Linux before this project was dropped in my lap). Any help is greatly appreciated as this is currently a major stumbling block!! =)

Thanks,
-Snipe

Last edited by Sniperm4n; 06-19-2012 at 07:35 PM.
 
Old 06-20-2012, 05:01 AM   #2
catkin
Unless Ubuntu have done something weird, rc.local is run with root privileges during boot and the su reporter -c command should work.

You could try removing >> /dev/null 2>&1 and rebooting to see if that generates any helpful error messages. The final & may be required so safest to leave it there or rc.local may not run to completion.

In case Ubuntu does not display or log the boot messages, you could change >> /dev/null 2>&1 to something like >> /var/log/runwebserver.log 2>&1
 
1 members found this post helpful.
Old 06-21-2012, 12:26 AM   #3
Sylvester Ink
Okay, I think I may have a solution for you.

***
In your sudoers file, add the following line:
sniper ALL=(reporter) NOPASSWD: ALL

Where "sniper" is your username. This means that the user "sniper" will be given permission on "ALL" hosts to run "ALL" commands as the user "reporter" without requiring a password. (More on this below.)

***
In order to run the command, you would type in the following line (when logged in as "sniper"):
sudo -u reporter -i /home/reporter/somescript

The -u argument tells sudo to execute the following command as the user "reporter." The -i argument tells sudo to log in as the user "reporter" when executing the command. "somescript" is a bash script in the directory /home/reporter.

***
Inside of somescript (or whatever you decide to name it), you can put the following two lines:
#!/bin/bash
cd /path/to/directorywithscript && bash runwebserver.sh >> /dev/null 2>&1&

Also, be sure to "chmod 755 somescript" in order to make it executable. The reason to put this in a bash script is that it results in less typing for you. You can type the full line in otherwise, but work smarter not harder etc etc.


This is the quickest way to get things working the way you want, but it may not be the most ideal. For one, any command can be run as reporter by using the above command. In fact, the command "sudo -u reporter -i" (exactly as it is) will log you in as the user "reporter," which may be giving away too much access to reporter's account. However, this is necessary as full access is required to run any login scripts that reporter has, as well as any commands in the script files. There are probably other, more secure ways to do this, but it would require a different approach than what you're using.

In any case, it should do what you want it to do. Be sure to check out the Sudoer's Manual for more info:
http://www.gratisoft.us/sudo/sudoers.man.html

Good luck!
[EDIT]Catkin's solution is closer to what you would want to do in a server environment, so if possible, use that solution first. The page wasn't reloaded from when I first opened it, so I didn't see his response before I posted mine.[/EDIT]

Last edited by Sylvester Ink; 06-21-2012 at 12:30 AM.
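
Post #3 points out that `NOPASSWD: ALL` lets "sniper" run any command as "reporter". The following is an added example, not part of the original thread: a POSIX shell script that renders a sudoers drop-in limited to the one start script, checks it with `visudo -cf`, and installs it under the `/etc/sudoers.d` directory that the posted sudoers file includes. The drop-in file name is an assumption; the user names and script path are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the thread): render and install a sudoers drop-in
# that lets one user run ONE script as another user, instead of "ALL".
# User names and script path are the thread's examples; the drop-in file
# name is an assumption.

# Print a sudoers rule: <invoker> may run <script> as <runas>, no password,
# no arguments (the trailing "" forbids any command-line arguments).
render_rule() {
    invoker=$1 runas=$2 script=$3
    for name in "$invoker" "$runas"; do
        case $name in
            ''|*[!A-Za-z0-9._-]*) echo "bad user name: $name" >&2; return 1 ;;
        esac
    done
    case $script in
        /*) ;;                                   # sudoers needs a full path
        *) echo "path must be absolute: $script" >&2; return 1 ;;
    esac
    case $script in
        *[!A-Za-z0-9/._-]*)                      # no wildcards, spaces, commas
            echo "unsafe character in path: $script" >&2; return 1 ;;
    esac
    printf '%s ALL=(%s) NOPASSWD: %s ""\n' "$invoker" "$runas" "$script"
}

# Validate the rule with visudo before it goes live, then install it 0440.
install_rule() {
    dest=/etc/sudoers.d/reporter-webserver      # assumed file name
    tmp=$(mktemp) || return 1
    render_rule "$@" > "$tmp" && visudo -cf "$tmp" &&
        install -o root -g root -m 0440 "$tmp" "$dest"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Run as root:  sh this-file --install
if [ "${1:-}" = "--install" ]; then
    install_rule sniper reporter /home/reporter/somescript
fi
```

With this rule in place, "sniper" starts the webserver with `sudo -u reporter /home/reporter/somescript`, and any other command requested as "reporter" is refused. The script must stay unwritable by "sniper", otherwise the restriction can be bypassed by editing it.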
 
Old 07-05-2012, 12:02 PM   #4
Sniperm4n
Thank you to everyone for your in-depth responses! Unfortunately, the project has been terminated (with the finish line in sight) and I can't test this any further. Yay for corporate B.S.! =/
 
  



Tags
authentication, bash, passwordless, su, sudoers

