07-25-2012
Quote:
Originally Posted by
jim mcnamara
I know UNIX, but every time I give a detailed answer to an AIX question I get something not quite right because AIX is, um, different.
You are doing alright. In fact sudo is one of the few things where AIX is different from "normal AIX", because it is absolutely the same as other systems.
Quote:
Originally Posted by
acoomer
Is there no way where we can pass the password as a parameter as how we are passing the user name?
Yes, this is possible. Admins doing this should be tarred and feathered, though. Honestly: you don't want to do this. It is a security hole you can drive a truck through and begs the question: if one user is allowed to know the password of the other user than why can't they share a user-ID anyway?
Keep in mind that shell scripts are plain text - what you write into them can be read with a simple editor. Would you want to put a password simply into a file? You could as well use no password at all instead, no?
Install
sudo, which you can download from the
IBM AIX Toolbox for Linux Applications as an rpm-package.
Basically you define three things in a sudoers file: a "command alias", which is a list of commands (it can even be one command). Then a "user alias", which is the same for a list of users - it can also be one user. The last thing is a list of things to be allowed: a certain user-alias (the list of users defined there) should be allowed to execute the command-alias (the list of commands) not as themselves but as a certain other user (usually, but not necessarily root).
I hope this helps.
bakunin
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I want to start off by saying thanks to everyone here, you're answers and suggestions are always very helpful.
I have a shell script which is invoked when an email is received. This shell script extracts any attachments that are sent with this email, and then runs a script which submits these... (8 Replies)
Discussion started by: mskarica
8 Replies
2. UNIX for Dummies Questions & Answers
My shell script runs fine both as a cron job and when i issue it.
However, I wish to differentiate when it runs as a cron-job so the "echo" statements are not issued (they get mailed to me, which i don't want).
I tried checking $USER but since the cron was created in my user that does not... (5 Replies)
Discussion started by: sentinel
5 Replies
3. Shell Programming and Scripting
Hi,
I am using HP-UNIX.
I have a requirement as below
I have to change env twice like:
cadenv <env>
cadenv <env>
ccm start -d /dbpath
ccm tar -xvf *.tar
ccm rcv ....
mv *.tar BACKUP
but after I do the first cadenv <env> , I am unable to execute any of the later commands .
... (6 Replies)
Discussion started by: charlei
6 Replies
4. Shell Programming and Scripting
Hi,
I have a shell script file which is set to access permission 000. When I login as root (sudo su) and try to run this script, I am getting the Permission denied error. I have read somewhere that root admin user can execute any kind of permission script. Then why this behavior? However, I can... (1 Reply)
Discussion started by: royalibrahim
1 Replies
5. UNIX for Dummies Questions & Answers
Hi all,
Ok, bear with me on this one, I am a bit new to Unix and it might take me a little bit of time to articulate my question.
I know that every process has a user id and an effective user id. This seems to include the shell itself, because when I type 'ps', I see 'bash' listed as a... (2 Replies)
Discussion started by: oddthingy
2 Replies
6. Shell Programming and Scripting
I'm trying to use su (as myuser) to force another user (theuser) to run a shell script (thescript.sh):
su theuser -c /home/theuser/thescript.sh
However I'm running this from another script, and it is asking for theuser's password. I would rather avoid displaying it in the file (using echo... (2 Replies)
Discussion started by: asdfgg
2 Replies
7. Shell Programming and Scripting
can we know the user id who changed saved script in cron tab..:D (7 Replies)
Discussion started by: netdbaind
7 Replies
8. AIX
Hello,
I am testing sudo and I want to test it. Can anyone please let me know few commands (of course other than shutdown, reboot etc. as I can't reboot the box) on AIX that can be run by ROOT only.
Thanks
---------- Post updated at 07:43 PM ---------- Previous update was at 07:38 PM... (5 Replies)
Discussion started by: prvnrk
5 Replies
9. Shell Programming and Scripting
Hi , we got autosys for scheduling our jobs. Autosys user logs in to the Linux box and need to execute a shell script. problem here is user requires admin privileges on database to complete the task. Since scheduling is maintained by different team I don't want autosys user to have admin privileges... (1 Reply)
Discussion started by: rush143
1 Replies
10. Shell Programming and Scripting
Linux System having all Perl, Python, PHP (and Ruby) installed
From a Shell script, can call a Perl, Python, PHP (or Ruby ?) file
eg
eg
a Shell script run in a case statement call to run a php file, also Perl or/and Python file???
Like
#!/usr/bin/bash
....
....
case $INPUT_STRING... (1 Reply)
Discussion started by: hoyanet
1 Replies
LEARN ABOUT DEBIAN
shell-quote
SHELL-QUOTE(1p) User Contributed Perl Documentation SHELL-QUOTE(1p)
NAME
shell-quote - quote arguments for safe use, unmodified in a shell command
SYNOPSIS
shell-quote [switch]... arg...
DESCRIPTION
shell-quote lets you pass arbitrary strings through the shell so that they won't be changed by the shell. This lets you process commands
or files with embedded white space or shell globbing characters safely. Here are a few examples.
EXAMPLES
ssh preserving args
When running a remote command with ssh, ssh doesn't preserve the separate arguments it receives. It just joins them with spaces and
passes them to "$SHELL -c". This doesn't work as intended:
ssh host touch 'hi there' # fails
It creates 2 files, hi and there. Instead, do this:
cmd=`shell-quote touch 'hi there'`
ssh host "$cmd"
This gives you just 1 file, hi there.
process find output
It's not ordinarily possible to process an arbitrary list of files output by find with a shell script. Anything you put in $IFS to
split up the output could legitimately be in a file's name. Here's how you can do it using shell-quote:
eval set -- `find -type f -print0 | xargs -0 shell-quote --`
debug shell scripts
shell-quote is better than echo for debugging shell scripts.
debug() {
[ -z "$debug" ] || shell-quote "debug:" "$@"
}
With echo you can't tell the difference between "debug 'foo bar'" and "debug foo bar", but with shell-quote you can.
save a command for later
shell-quote can be used to build up a shell command to run later. Say you want the user to be able to give you switches for a command
you're going to run. If you don't want the switches to be re-evaluated by the shell (which is usually a good idea, else there are
things the user can't pass through), you can do something like this:
user_switches=
while [ $# != 0 ]
do
case x$1 in
x--pass-through)
[ $# -gt 1 ] || die "need an argument for $1"
user_switches="$user_switches "`shell-quote -- "$2"`
shift;;
# process other switches
esac
shift
done
# later
eval "shell-quote some-command $user_switches my args"
OPTIONS
--debug
Turn debugging on.
--help
Show the usage message and die.
--version
Show the version number and exit.
AVAILABILITY
The code is licensed under the GNU GPL. Check http://www.argon.org/~roderick/ or CPAN for updated versions.
AUTHOR
Roderick Schertler <roderick@argon.org>
perl v5.8.4 2005-05-03 SHELL-QUOTE(1p)