Gluing everything in this thread together, we have (my insertions in green):-
You would then need to add a rule using visudo to allow your selected user(s)/group(s) to run this script. You will need to be a super-user to run visudo
Add the lines like these:-
The account robert1 will just pass into the script, but trusted1 and members of the group trustedgroup will have to enter their own password to continue. This means they don't need to know the all-powerful account password. If they do, then there is no way to control them.
Using sudo means that you can grant them privileges they need for just when they are doing what you want and nothing more, i.e. you trust them to run this script, but not to become the super-user because they might remove /etc/passwd by mistake.
How far does this get you now?
Am I just more confusing? Apologies if I am.
Robin
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
I'm writing an application (Progress language) that needs to:
1) load the contents of a cron table into the Progress application;
2) display this information in a human manner and allow a select group of people to update it (these people are logged in as themselves, not as root);
3) save... (3 Replies)
Dear All
I am running into a situation where I am running a script as another user lets say oracle using su command as below, and the script fails because the .profile of oracle is not executed so the environment variables are not set.
cat /etc/passwd | grep oracle... (4 Replies)
Hi all,
I have a situation where I have a shell script that I need to run remotely on multiple *nix machines via SSH. Unfortunately, some of the commands in it require root access. I know that best practices for ssh entail configuring it so that the root account cannot log in, you need to... (4 Replies)
1) Environment:Red Hat Linux, bash shell
Script to be run owned by user :myUser
Home environment of myUser: pathto/home
2) ESP agent with root access will run
JobXXX.sh
su - myUser -c "/pathto/home/bin/script.sh"
where script.sh has some echo statements and an exit statement in the end... (4 Replies)
So I have a script that runs as a non-root user, lets say the username is 'xymon' .
This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root.
in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
Hi all,
I have to run C++ file using root programming, using following commands:
$root -l
root .L TwoTrees.C++
root TwoTrees t
root t.Loop()
root.q
I wonder if I can write script to do the following.
Thanks
Pooja (12 Replies)
I am using blow script :--
#!/bin/bash
FIND=$(ps -elf | grep "snmp_trap.sh" | grep -v grep) #check snmp_trap.sh is running or not
if
then
# echo "process found"
exit 0;
else
echo "process not found"
exec /home/Ketan_r /snmp_trap.sh 2>&1 & disown -h ... (1 Reply)
Hi All, my script.sh has the below lines, and i need to run the script as root or wam. please tell me if this will work
#!/bin/bash
sudo -t wam /usr/local/wam/stopwam -r ------- this needs run as wam user
/usr/local/web/stopweb -a --- this needs to run as... (18 Replies)
PASSWD(1) BSD General Commands Manual PASSWD(1)NAME
passwd -- modify a user's password
SYNOPSIS
passwd [-i infosystem [-l location]] [-u authname] [user]
DESCRIPTION
The passwd utility changes the user's password. If the user is not the super-user, passwd first prompts for the current password and will
not continue unless the correct password is entered.
When entering the new password, the characters entered do not echo, in order to avoid the password being seen by a passer-by. The passwd
utility prompts for the new password twice in order to detect typing errors.
The new password should be at least six characters long and not purely alphabetic. Its total length should be less than _PASSWORD_LEN (cur-
rently 128 characters), although some directory systems allow longer passwords. Numbers, upper case letters, and meta characters are encour-
aged.
Once the password has been verified, passwd communicates the new password to the directory system.
-i infosystem
This option specifies where the password update should be applied. Under Mac OS X 10.5 and later, supported directory systems are:
PAM (default) Pluggable Authentication Modules.
opendirectory
A system conforming to Open Directory APIs and supporting updates (including LDAP, etc). If no -l option is specified, the
search node is used.
file The local flat-files (included for legacy configurations).
nis A remote NIS server containing the user's password.
-l location
This option causes the password to be updated in the given location of the chosen directory system.
for file,
location may be a file name (/etc/master.passwd is the default)
for nis,
location may be a NIS domainname
for opendirectory,
location may be a directory node name
for PAM,
location is not used
-u authname
This option specifies the user name to use when authenticating to the directory node.
user This optional argument specifies the user account whose password will be changed. This account's current password may be required,
even when run as the super-user, depending on the directory system.
FILES
/etc/master.passwd The user database
/etc/passwd A Version 7 format password file
/etc/passwd.XXXXXX Temporary copy of the password file
SEE ALSO chpass(1), login(1), dscl(1), passwd(5), pwd_mkdb(8), vipw(8)
Robert Morris and Ken Thompson, UNIX password security.
HISTORY
A passwd command appeared in Version 6 AT&T UNIX.
Mac OS X August 18, 2008 Mac OS X