Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Good morning....I need a help in writing one shell script....(RHEL5)
I will describe the scenario first..
I want to install jboss on various system on boot time install....
so my requirement is to write a script that will install jboss products as a root user only..If its any other user it should throw a error message and exit.....
The script is not supposed to take the username from the user himself. It is supposed to see which user it is running as (self). If any user other than root run this script it should give error and exit.......
Kindly any1 help me to do that....if any1 has written a script pls help me out.....
FYI: LOGNAME is not always a reliable test. Some users have root accounts that use different names, such as "toor", or "rot"; these convenience accounts are commonplace for many, and exist by default in some BSDs.
FYI: LOGNAME is not always a reliable test. Some users have root accounts that use different names, such as "toor", or "rot"; these convenience accounts are commonplace for many, and exist by default in some BSDs.
UID=0 will always be the correct test.
Correct...
I always use...
Code:
if [ $(id -u) -ne 0 ]; then
echo "You are not root"
exit 1
fi
One caveat is that if you are on Solaris you have yo make sure that you use /usr/xpg4/bin/id
Actually, I disagree with this. Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems. User names are simple, decorative candy above that.
Actually, I disagree with this. Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems. User names are simple, decorative candy above that.
Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems.
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.
Quote:
Originally Posted by Mr. C.
User names are simple, decorative candy above that.
Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55?
Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.
Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.
And finally, even id could be substituted with mal-ware and return not so reliable values...
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.
Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55?
Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.
Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.
And finally, even id could be substituted with mal-ware and return not so reliable values...
You're missing the point.
We are not memorizing UID's ... we are using the UID in the script so that it would be portable... in which case using the UID is preferable.
And if you are scared of malware/virus/root-kit then you should stop using computers...since it WILL happen to you one day...question is "when".
Mr. C. and i were just trying to give you "best practice"...don't take it personal...but if you ask around using UID is superior to login names...not that using login names is "wrong"...just that using UID is superior...
I'm agree with this point too, they should.
But I'm not sure you will memorize 150 UIDs instead of usernames.
Changing the name of root user is not a panacea, and it hardly could protect the system from an attack.
Who cares about 150 UIDs? Two concepts are necessary: 0 and non-zero.
Who said anything about attacks? I said "convenience accounts", and nothing about security via obfuscation techniques.
Quote:
Originally Posted by Vit77
Do you register in your system using UID? Or do you writing e-mails to 1111@22.33.44.55?
Of course not - the point isn't that one should not use names, it is that names DO NOT imply permission. The entire OS uses UID/GID/EUID/EGUID internally, not names.
My mail accounts are virtual, so that point is moot.
Quote:
Originally Posted by Vit77
Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect.
Code that just sometimes works by design is bad code - period. Standard practice is to check UID. With almost +25 years of experience with *nix systems, I'm confident in my assessment. If you want to write code that we all can see *will* fail under certain circumstances, be my guest. I'll concede the battle that demonstrates anther's foolishness.
Quote:
Originally Posted by Vit77
Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root.
Again, many seasoned admins create UID=0 accounts that are not named "root". This is not an uncommon practice. It is done AFTER the default system has been setup, and code should accommodate this.
Quote:
Originally Posted by Vit77
And finally, even id could be substituted with mal-ware and return not so reliable values...
Now this argument is just plain silly. So in that case could the shell (which provides your LOGNAME) and any other utility. You've switched into an entirely different ballpark with this one.
And if you are scared of malware/virus/root-kit then you should stop using computers...since it WILL happen to you one day...question is "when".
I just said that changing root name hardly could protect the system from an attack. right?
Quote:
Originally Posted by custangro
Mr. C. and i were just trying to give you "best practice"...don't take it personal...but if you ask around using UID is superior to login names...not that using login names is "wrong"...just that using UID is superior...
I'm taking it easy, don't worry.
UID=0 is used often, but I doubt about regular users. Mr. C. is more proper in that.
Look at the Oracle Guides, for instance:
Code:
if [ $USER = "oracle" ]; then
if [ $SHELL = "/bin/ksh" ]; then
ulimit -p 16384
ulimit -n 65536
else
ulimit -u 16384 -n 65536
fi
fi
Quote:
Originally Posted by Mr. C.
Code that just sometimes works by design is bad code - period.
True. But not for this case.
This code works on standard systems. And renaming "root" is getting less common already AFAIK.
You've said about convenience accounts. Why is it more convenient than standard "root"? Or what else does it mean?
And thanks for your assertion about "anothers in the battle"...
The oracle example requires usage of USER = oracle, because that is the name by which the system was installed. An installation cannot assume a UID/GID, but can default to certain username/groupnames for installation and runtime. This is the case where USER is the correct usage. The point to take note of is that *the most accurate* mechanism should be used. In the case of superuser privs, its UID=0, or for group wheel or root, its GID=0, and in the case of some software installation that uses specific username/groupnames, USER is correct.
Quote:
Originally Posted by Vit77
True. But not for this case.
This code works on standard systems. And renaming "root" is getting less common already AFAIK.
No, it doesn't. My NetBSD system BY DEFAULT comes with BOTH root and toor accounts, both with UID=0
If you look carefully, you will find there is utility there. This has nothing to do with renaming an account. This has been a practice for almost 25+ years.
Self-serving estimates of the state of the world are silly. "less common" and "not for this case" show your focus is not on portability and correctness, but rather sticking to your guns. Shoot on...
The oracle example requires usage of USER = oracle, because that is the name by which the system was installed. An installation cannot assume a UID/GID, but can default to certain username/groupnames for installation and runtime. This is the case where USER is the correct usage. The point to take note of is that *the most accurate* mechanism should be used.
...And in the case of oracle I STILL wouldn't use the login name...I would do something similar to...
Code:
#!/bin/bash
#
oracleuser=oracle
oracleid=$(id -u oracle)
#
if [ $(id -u) -ne ${oracleid} ]; then
echo "You are not the oracle user..."
exit
fi
So if the oracle user EVER changes...for whatever reason..all you would have to change is the oracleuser= part in the script...this is also good for portability since I've run across installations of oracle where the user name was something weird like ora
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.