|
Shell script issue
Hi All,
Good morning....I need a help in writing one shell script....(RHEL5) I will describe the scenario first.. I want to install jboss on various system on boot time install.... so my requirement is to write a script that will install jboss products as a root user only..If its any other user it should throw a error message and exit..... The script is not supposed to take the username from the user himself. It is supposed to see which user it is running as (self). If any user other than root run this script it should give error and exit....... Kindly any1 help me to do that....if any1 has written a script pls help me out..... Regards Suvra |
man id
man bash, search UID |
Code:
if [ "$LOGNAME" != "root" ] |
FYI: LOGNAME is not always a reliable test. Some users have root accounts that use different names, such as "toor", or "rot"; these convenience accounts are commonplace for many, and exist by default in some BSDs.
UID=0 will always be the correct test. |
Quote:
I always use... Code:
if [ $(id -u) -ne 0 ]; then-C |
Quote:
Just sometimes it's easier for beginners to understand with exact names instead of numbers. |
Actually, I disagree with this. Users *should* learn about UID/GID, as they are the key permissions-granting aspect of *nix systems. User names are simple, decorative candy above that.
|
Quote:
-C |
Quote:
But I'm not sure you will memorize 150 UIDs instead of usernames. Changing the name of root user is not a panacea, and it hardly could protect the system from an attack. Quote:
Returning tho the original question, I'm still convenienced that my script was more understandable, and it could involve beginners in thinking, whereas these "weird" numbers usually have opposite effect. Whar's more, suvra82002 has written about RHEL5, where by default root user is called exactly root. And finally, even id could be substituted with mal-ware and return not so reliable values... |
Quote:
We are not memorizing UID's ... we are using the UID in the script so that it would be portable... in which case using the UID is preferable. And if you are scared of malware/virus/root-kit then you should stop using computers...since it WILL happen to you one day...question is "when". Mr. C. and i were just trying to give you "best practice"...don't take it personal...but if you ask around using UID is superior to login names...not that using login names is "wrong"...just that using UID is superior... -C |
Quote:
Who said anything about attacks? I said "convenience accounts", and nothing about security via obfuscation techniques. Quote:
My mail accounts are virtual, so that point is moot. Quote:
Quote:
Quote:
|
Quote:
-C |
Quote:
Quote:
UID=0 is used often, but I doubt about regular users. Mr. C. is more proper in that. Look at the Oracle Guides, for instance: Code:
if [ $USER = "oracle" ]; thenQuote:
This code works on standard systems. And renaming "root" is getting less common already AFAIK. You've said about convenience accounts. Why is it more convenient than standard "root"? Or what else does it mean? And thanks for your assertion about "anothers in the battle"... |
The oracle example requires usage of USER = oracle, because that is the name by which the system was installed. An installation cannot assume a UID/GID, but can default to certain username/groupnames for installation and runtime. This is the case where USER is the correct usage. The point to take note of is that *the most accurate* mechanism should be used. In the case of superuser privs, its UID=0, or for group wheel or root, its GID=0, and in the case of some software installation that uses specific username/groupnames, USER is correct.
Quote:
Code:
root:*:0:0:Charlie &:/root:/bin/cshSelf-serving estimates of the state of the world are silly. "less common" and "not for this case" show your focus is not on portability and correctness, but rather sticking to your guns. Shoot on... |
Quote:
Code:
#!/bin/bashMy :twocents: |
Use the UID to test for root as Mr.C has stated. Any user with UID of 0 has superuser privilege, regardless of username.
You might also want to use some passwd checking utility to check for users that have their UIDs set to 0 besides root. (or write a script to parse /etc/passwd). |
Quote:
Code:
#!/bin/bash-C |
Quote:
Quote:
My estimates were built on my 9+ *Nix experience (not BSD, I've never used it). Thus, I know just one admin who renames root accounts, as he says, by force of habit (17years of nix experience, the age of R-commands...). Another one used it before, but gave up. But all others have never used renaming at all. That was the point of my statement. I didn't mean two or more uid=0 - accounts there. What about "not for this case", I bet this code will work on the Suvra's box. User toor is in doubt in this situation, so checking for uid could allow hacker with uid=0 to perform the operation. It'd probably be stronger to check for both uid and username. Looks funny? If a system is compromised, such ways don't work at all. BTW, I remember that you said nothing about security... And finally, Mr.C, sometimes you're trying to assure me of things I'm assured myself. So, let me express clearly my position. I'm absolutely agree that uid=0 is more portable. I'm agree that users should learn about UID/GID. However, I'm afraid, Suvra has less than 25 nix experience, and he doesn't run some production server. So, I tried to make it easier, partially at the expense of some features which could never been used. I'm agree about sometimes working code. Code should work stable in normal predefined conditions. However, there is no bug-free code in the world. Each program will fail in certain circumstances. Nevertheless, I agree that we should try to make it better. I hope, it'll make the debates more constructive. |
Quote:
If there is something wrong in a system, however, such script could make the situation even worse... You assented about "Code that just sometimes works by design"? And made Four mistakes in 6 lines... #1 You don't use defined variable oracleuser. Well, it's a slip. Then, how do you think the script will behave if there are: #2 No oracle accounts? #3 Several Oracle accounts? #4 Several users with oracle's uid? Absolutely good code is not exist. Even if you correct these, some other will appear... Quote:
PS In the post #17, it'd be easier to get currcount this way: awk -F':' '$3 == 0 {cnt++} END {print cnt}' /etc/passwd |
Quote:
Code:
awk -F':' '$3 == 0 {cnt++} END {if(cnt>1) { cmd="mail ..."; system(cmd) }}' /etc/passwd |
Quote:
Quote:
PS I never had good luck using a bang (!) in an echo...you may want to put it in quotes...(see I can be pathetic too...) -C |
I think its time for this thread to rest.
|
Quote:
-C |
Quote:
|
| All times are GMT -5. The time now is 10:01 AM. |