Hi All,

I need to write a script in which i have to execute some commands after
sudo su - abc
command. Above command ask for password which i need to give through script.

please help me in this. there is no issue if the password is in plain text. It will be great if we can provide encrypted password.

Note: we cant do any changes in visudo file.

I assume that when you say "we cant do any changes in visudo file" that you mean that you cannot use visudo to make changes to the sudoers file.

That is a serious restriction, since the only supported way to bypass the password requirement is by configuration of that particular command to use the NOPASS: option in the sudoers file.
Any other means is an attempt to bypass server security and would certainly cause me to take rather abrupt action if I were the System Administrator for that server.

1. Can you get help from someone who CAN make changes to the sudoers file?
2. If not, are you approved to use another technique that does not involve sudo?

I have to wonder why someone who is not authorized to configure sudo would be required to modify sudo behavior. Is there something else involved here that we should understand?

I believe sudo has an option -S, so you can do something like:
echo PASSWORD | sudo -S <command>
I don't know if I have the syntax right, but it is something like that...

Thanks for all your Input!!

actually the scenario is we have to do some regular task which can be done only after login with that user for this we need to fire command sudo su - abc. The owner of this server is someone else. to help myself i am writing a script to automate this task.

Drop the sudo and su, you don't need both! Just read the man pages and you'll see that you can change the effective user with either. "sudo su -" us a construct used in cases where the root password is non-existent in practice such as with Ubuntu Linux.

For your purposes, your best bet is sudo, see the -A option. But, you can do much better using a little hack with SSH if the box has installed the server. Create a keypair without a password *locally*, upload to the admin account, copy the public part to the target user account. Set up a cron job that runs an rsh-like job in the target account using ssh. Your done.

Thanx vorbote!!

can you please explain it further. how this process goes.

please explain this with an example/set of commands.

With sudo, this is a matter of using the -A option and find a way to feed it the password automagically: "sudo -A -u <target_user> <command>. You set the ASK_PASS environment variable in the source account to a small program that automatically dumps the password to standard output when executed, see sudo(1) for a better explanation. In any case, it is as insecure are you can get.

With ssh, it is almost as if using rsh, but secure. You create a paswordless keypair, copy the public key to the target user .ssh directory and there you have it, you can do "ssh target_user@localhost" and it logs you in automatically without a password. Then you create a crontab entry for your source user with "crontab -e" (check crontab(5) for format details) with a command of the form "ssh target_user@localhost <command to be executed>" and that's it.

A good example of how this ssh setup works is the shell access service at SourceForge. See <http://sourceforge.net/apps/trac/sourceforge/wiki/Shell service> for a description.