Run shell script as different user | Unix Linux Forums | UNIX for Advanced & Expert Users

  Go Back    


UNIX for Advanced & Expert Users Expert-to-Expert. Learn advanced UNIX, UNIX commands, Linux, Operating Systems, System Administration, Programming, Shell, Shell Scripts, Solaris, Linux, HP-UX, AIX, OS X, BSD.

Run shell script as different user

UNIX for Advanced & Expert Users


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 04-16-2005
mskarica mskarica is offline
Registered User
 
Join Date: Jan 2005
Last Activity: 16 May 2005, 9:41 PM EDT
Location: Tallahassee, FL
Posts: 19
Thanks: 0
Thanked 1 Time in 1 Post
Run shell script as different user

I want to start off by saying thanks to everyone here, you're answers and suggestions are always very helpful.

I have a shell script which is invoked when an email is received. This shell script extracts any attachments that are sent with this email, and then runs a script which submits these files to a repository. The problem is that when the script is envoked, "daemon" is the owner of the files that are created, so the ci and co functions will not work properly. I'm trying to find a way where I can change the owner of the process when the script is envoked.

For example, when the script is envoked, the owner is "daemon", but I need to change the owner to "myUserName", so that when the files are created and the other scripts/commands are called, the system will think that "myUserName" is the person running all of the commands/scripts.

Is this at all possible?
Sponsored Links
    #2  
Old 04-16-2005
kduffin's Avatar
kduffin kduffin is offline Forum Advisor  
UN1X
 
Join Date: Nov 2003
Last Activity: 21 January 2014, 4:03 PM EST
Location: Belize
Posts: 484
Thanks: 0
Thanked 3 Times in 2 Posts
Depending on which OS, there are various more secure methods that what I'll suggest. Which OS?

Have you tried setting the group to be the default group of the daemon user, setting the owner to be the user you want to execute your ci/co operations and then making it a setuid (chmod 4550 <script>)?

Keith
Sponsored Links
    #3  
Old 04-19-2005
mskarica mskarica is offline
Registered User
 
Join Date: Jan 2005
Last Activity: 16 May 2005, 9:41 PM EDT
Location: Tallahassee, FL
Posts: 19
Thanks: 0
Thanked 1 Time in 1 Post
I am running on SUN/OS. I have not tried what you mentioned, really not sure how to do it. When I said that the when the script is run with "daemon" being the owner, daemon is the root.

So lets say I send an email with an attachment, and the script is invoked. The file is decoded and and saved to the current directory, then I try to submit it to the repository. Lets say I log on to the unix account to which the email was sent to, if I look at the file (ls -l), I'm not the owner of the file, the owner of the file is daemon, which is the root and is considered "other". I'm almost certain that this is what is causing the ci and co operations to fail.

So.......I need to figure out how to get the script to be invoked, and run as if the owner of the process is another account, even just my account, anything other than "daemon"!

I know when you do chmod there are 3 numbers like chmod 755. You said chmod 4550.....what is the 0 for?

Thanks for the input.

Last edited by mskarica; 04-20-2005 at 11:27 AM..
    #4  
Old 04-21-2005
mskarica mskarica is offline
Registered User
 
Join Date: Jan 2005
Last Activity: 16 May 2005, 9:41 PM EDT
Location: Tallahassee, FL
Posts: 19
Thanks: 0
Thanked 1 Time in 1 Post
Ok, I think I should rephrase my question. I did some more research on daemons, and I think I can ask my question better now.

A daemon is a process that runs in the background (like a fork), whithout user interaction (from what I read). So basically what happens is that when an email is received, and the shell script is invoked, a daemon is running the entire process. I need to find a way where I can make the daemon act as if it were a unix user so that the process is run as if the user is the one who is invoking the scripts that are called in the main script, rather than the daemon.

So my basic idea is: email is received, forwarded to a script (daemon is still the owner at the moment), in the main script first thing I want to do is change the user from the deamon to another valid unix account, so then everything that is performed from there on out is performed as if the unix user that I specify is the one who invoked everything.

Does that make more sense? Any ideas?

Thanks

Last edited by mskarica; 04-21-2005 at 11:30 AM..
Sponsored Links
    #5  
Old 04-27-2005
chuckuykendall chuckuykendall is offline
Registered User
 
Join Date: Apr 2005
Last Activity: 23 January 2014, 3:48 PM EST
Location: McKinney, TX
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Do you know the name of the userid that you want to change to inside the script? If so, you can do a `chown userid` inside the script once the file has been placed in that userid's directory.
Sponsored Links
    #6  
Old 04-27-2005
Perderabo's Avatar
Perderabo Perderabo is offline Forum Staff  
Unix Daemon (Administrator Emeritus)
 
Join Date: Aug 2001
Last Activity: 21 April 2014, 5:11 AM EDT
Location: Ashburn, Virginia
Posts: 9,833
Thanks: 42
Thanked 378 Times in 225 Posts
It's fustrating to provide solutions which are rejected without even being tried.

chmod always uses 4 digits not 3. But the leading digit is usually zero so it looks like 3 digits. That leading 4 will turn on the suid bit and probably solve your problem provided you also follow the rest of kduffin's advice.
Sponsored Links
    #7  
Old 04-29-2005
mskarica mskarica is offline
Registered User
 
Join Date: Jan 2005
Last Activity: 16 May 2005, 9:41 PM EDT
Location: Tallahassee, FL
Posts: 19
Thanks: 0
Thanked 1 Time in 1 Post
sorry perderabo, its not that I was rejecting what kduffin said, it was really that I didn't know what the 4 meant, so I didn't know what I was doing. I did some research afterwards and I saw that the 4 was setuid, to make the script run as the owner, rather than as the daemon.

I believe this is exactly what I need, at least from everything I have read (chmod 4755). I did try it, but now what happens is that when I send an email to the account, I get an email back saying that access to the script was denied. I'm thinking that maybe setuid is disabled on our unix system, since I also read that it could be disabled because of security reasons. So my next step is to ask the sys admin if this is actually the case or not.

What I still dont understand is:
- set the group to be the default group?
- set the owner to the user I want to execute the ci/co functions (would this be the same as doing 'chown' inside the script like chuckuy said?

I am going to try the chown inside my script like chuckuy said and see if that solves my problem, because I DO know the owner of the script ahead of time, and I just need that script to run as this specific user.

I appreciate all of the help from everyone. I will be more than happy to try any other suggestions that anyone else may have for me.

Last edited by mskarica; 04-29-2005 at 12:53 AM..
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
How to Login as another user through Shell script from current user[Not Root] ujjwal27 Shell Programming and Scripting 9 05-27-2012 11:50 AM
Shell Script to change a user password using script indrajit_renu Shell Programming and Scripting 3 11-23-2010 06:17 AM
root user command in shell script execute as normal user mnmonu Shell Programming and Scripting 3 10-19-2009 07:42 AM
How do i change to super user then revert back to ordinary user ,using shell script? wrapster Shell Programming and Scripting 3 06-04-2008 07:11 AM
su to another user in shell script akdwivedi Shell Programming and Scripting 1 08-15-2007 01:14 AM



All times are GMT -4. The time now is 06:04 AM.