changing user using su in shell script

route · 11-12-2011, 01:19 PM

Hi,
i have script where i want to switch user and run some command using that user how can i do this?
e.g

script ran from "user1"

...
..

su - user2
...
..
..
exit
#loged out from user 2 execution continued as user1
.....
....

i dont want script to promot user for password for user2 .Is there any i can do this.I want to hardcode password.

i am using Hp unix and dont have expect installed

.

ButterflyMelissa · 11-12-2011, 01:30 PM

Maybe (just maybe) there is a way: allow the user 1 to run this one command. Put that user in a group (as only member) that is allowed to do this. Set permissions as needed, "stir gently and serve chilled"

(it's saturday nite here)

Thor

jthill · 11-12-2011, 01:49 PM

Does it have to be su? Sales pitch for sudo: sudo is built for one-off command execution and its security requirements can be tuned very nicely. I've got mine set up to allow anybody at all to execute any command as user 'nobody', with no password required; and I can install packages and reboot with no password, and so forth.

Don't let the man page scare you. Look at the examples section to get an idea what's going on, mine is

Code:

# anybody in group "sudo", on any machine, can do anything by giving their password
%sudo ALL=(ALL) ALL

# anybody that can get to a shell prompt can do anything as user 'nobody', no password
ALL ALL = (nobody) NOPASSWD: ALL

# I can install, upgrade, shutdown and reboot without a password. Because a-g install arguments take 
# suffix overrides, I can also remove packages with no password, which isn't exactly apparent here.
jthill ALL = (ALL) NOPASSWD: /usr/bin/apt-get install *
jthill ALL = (ALL) NOPASSWD: /usr/bin/apt-get update
jthill ALL = (ALL) NOPASSWD: /usr/bin/apt-get upgrade
jthill ALL = (ALL) NOPASSWD: /usr/bin/apt-get dist-upgrade
jthill ALL = (ALL) NOPASSWD: /sbin/telinit [60]

suicidaleggroll · 11-12-2011, 02:58 PM

How about using ssh keys to allow password-less login from user1@localhost to user2@localhost. Then your script only needs to ssh to localhost as user2 and run a command.

tuxdev · 11-13-2011, 12:20 AM

I'll reinforce the notion that sudo sounds like right tool for this job.

route · 11-14-2011, 12:21 AM

Thanks all for quick help

i am not allow to run sudo

.
i will try with ssh keys but problem is that i have many machines which keeps on changing so ssh key logic i need to turn dynamic so that in runtime it will add keys.

just to add more info
my script do following (explanation for need of su).
run from user 1(need to run from this user because only user 1 can detect user for target file system (i.e. user2))

su user 2
copy some content to file system where only user 2 have permission to write
file system permission 755

is ther any other way of copying with other user other than using su?

Reuti · 11-14-2011, 07:39 AM

You have many machines but the home of user2 stays the same, i.e. it’s shared across the machines?

Instead of su you could then use a plain scp too, but this involves again ssh-keys. Or as an alternative: hostbased authorization and in user2’s home you can create a file ~/.shosts where you can list the machine from which you connect, and so user1 can login to this account without any password:

Code:

$ cat ~user2/.shosts
mylocalmachine user1