The most common way to do that is to have the script run with SetUID permissions. Then whenever the script is executed by any user it will run with the permisssions of the owner of the file, here, root. You will not need to use "su" in the script with this method. To change the permissions on your script to SetUID, navigate to the directory where the script is located and run the following as root:
# chmod 4755 <script_name>
When you create the script, make root the owner and the above should work. Create the script as an ordinary user and get it working the way you want. Then change the owner with:
# chown root <script_name>
After that, run the chmod command above. In the above, "755" gives the owner read and execute permissions and the "4" in front sets the SetUID flag. This will prevent alteration of the script once it's set up and running properly. If you subsequently want to edit the script, you'll have to reset the permissions as root with "chmod 777"(i.e. rwx permissions), edit the script and set it back with "chmod 4755".
CAUTION: The above stikes me as an insecure practice. Ordinary users should not normally be given the ability to add users and running SetUID should be used sparingly since ordinary users are running an executable with root privileges. It is preferable to using "su" which would require that the root password be inputted automatically from a text file containing the root password and that text file would have to be readable by ordinary users, an obviously very insecure practice.
|