AIXThis forum is for the discussion of IBM AIX.
eserver and other IBM related questions are also on topic.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i used su - abc command in script and i dont want to pass password on the terminal. i want to pass the password from the script only (non interactive) what can i do
You're creating a MASSIVE security hole here. If you need root priviledges, why don't you just run the script as root, then you don't need to su at all?
You're creating a MASSIVE security hole here. If you need root priviledges, why don't you just run the script as root, then you don't need to su at all?
What about processes that need to run as a specific user? Like postgres....mysql...?
System daemons that are started as root, have code built in to reduce their access rights as soon after startup as possible, whenever possible. These programs are scrutinized, and typically follow best-practices for setuid/setgid programs.
There has been several security issues with setuid/setgid Shell scripts. It has been considered a risky practice even to this day; the reason for it is simple. The shell interpreters have not generally focused on being security cautious, and programmers are not aware of all the ways a script can go awry.
Binary setuid/setgid programs (eg. from compiled C source) are inherently more secure than scripts, because the language does not have all the built in wildcarding, and other shell niceties designed for assisting humans. They have a limited, strict set of system calls that can be used, and their actions are entirely designed by the developer to permit only a single, or limited action.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.