Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Running a script as root in the script
Top Forums Programming Running a script as root in the script Post 303007472 by rbatte1 on Friday 17th of November 2017 04:43:29 AM
Old 11-17-2017
Gluing everything in this thread together, we have (my insertions in green):-
Code:
#!/bin/bash

if [ $(id -u) -ne 0 ]
then
   exec sudo $0 "$@"             # Will overwrite this process so script does not continue as self
fi                               # Any arguments are passed on as supplied

# A superuser will carry on through here

LOGFILE=/var/lib/creation.log    # .... or whatever suits you

dir=/mnt/sftp
group=sftp_users	

echo "Enter UserName:"
read user

if id $user ; then
        echo "$user already exists as you can see above, please re-run the script"
        exit
else
        echo "$user not in system, ok to continue"
fi

echo "Enter Password:"
read passwd
echo "$user:$passwd" >> /ftp_details/accounts.csv
echo "is this a normal user (press 1) ?"
read choice
    
case $choice in
        1)
            echo "$(date) : User $SUDO_USER creating $user" >> $LOGFILE
            useradd -g $group -d $dir/$user -s /sbin/nologin $user
            mkdir -p $dir/$user/data
            chown root $dir/$user
            chmod 755 $dir/$user
            chown $user $dir/$user/data
            chmod 755 $dir/$user/data
            touch $dir/$user/data/WARNING_everything_in_here_will_get_removed_in_14_days_time.txt
            ;;
        *)
            echo "invalid selection, please re-run the script"
            exit
            ;;
esac

echo $user:$passwd | chpasswd

You would then need to add a rule using visudo to allow your selected user(s)/group(s) to run this script. You will need to be a super-user to run visudo
Add the lines like these:-
Code:
#Individual users
robert1			ALL = NOPASSWD: /path/to/this_script
trusted1		ALL = PASSWD: /path/to/this_script

#Group members are trusted
%trustedgroup		ALL = PASSWD: /path/to/this_script

The account robert1 will just pass into the script, but trusted1 and members of the group trustedgroup will have to enter their own password to continue. This means they don't need to know the all-powerful account password. If they do, then there is no way to control them.

Using sudo means that you can grant them privileges they need for just when they are doing what you want and nothing more, i.e. you trust them to run this script, but not to become the super-user because they might remove /etc/passwd by mistake.


How far does this get you now?


Am I just more confusing? Apologies if I am.
Robin
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Run non-root script as root with non-root environment

All, I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies

2. Shell Programming and Scripting

Running a command or script as root

I'm writing an application (Progress language) that needs to: 1) load the contents of a cron table into the Progress application; 2) display this information in a human manner and allow a select group of people to update it (these people are logged in as themselves, not as root); 3) save... (3 Replies)
Discussion started by: rm-r
3 Replies

3. Shell Programming and Scripting

As root , running script as different user with su - problem

Dear All I am running into a situation where I am running a script as another user lets say oracle using su command as below, and the script fails because the .profile of oracle is not executed so the environment variables are not set. cat /etc/passwd | grep oracle... (4 Replies)
Discussion started by: dbsupp
4 Replies

4. Cybersecurity

Running script through SSH as root

Hi all, I have a situation where I have a shell script that I need to run remotely on multiple *nix machines via SSH. Unfortunately, some of the commands in it require root access. I know that best practices for ssh entail configuring it so that the root account cannot log in, you need to... (4 Replies)
Discussion started by: irinotecan
4 Replies

5. Shell Programming and Scripting

Issue running script as root

1) Environment:Red Hat Linux, bash shell Script to be run owned by user :myUser Home environment of myUser: pathto/home 2) ESP agent with root access will run JobXXX.sh su - myUser -c "/pathto/home/bin/script.sh" where script.sh has some echo statements and an exit statement in the end... (4 Replies)
Discussion started by: cj09
4 Replies

6. Shell Programming and Scripting

Need to run a bash script that logs on as a non-root user and runs script as root

So I have a script that runs as a non-root user, lets say the username is 'xymon' . This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root. in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
Discussion started by: damang111
2 Replies

7. Shell Programming and Scripting

Script for running root based C++ code

Hi all, I have to run C++ file using root programming, using following commands: $root -l root .L TwoTrees.C++ root TwoTrees t root t.Loop() root.q I wonder if I can write script to do the following. Thanks Pooja (12 Replies)
Discussion started by: nrjrasaxena
12 Replies

8. Shell Programming and Scripting

Script will keep checking running status of another script and also restart called script at night

I am using blow script :-- #!/bin/bash FIND=$(ps -elf | grep "snmp_trap.sh" | grep -v grep) #check snmp_trap.sh is running or not if then # echo "process found" exit 0; else echo "process not found" exec /home/Ketan_r /snmp_trap.sh 2>&1 & disown -h ... (1 Reply)
Discussion started by: ketanraut
1 Replies

9. Shell Programming and Scripting

Running a script as root but with different users inside

Hi All, my script.sh has the below lines, and i need to run the script as root or wam. please tell me if this will work #!/bin/bash sudo -t wam /usr/local/wam/stopwam -r ------- this needs run as wam user /usr/local/web/stopweb -a --- this needs to run as... (18 Replies)
Discussion started by: nanz143
18 Replies

10. Shell Programming and Scripting

Root running a script calling to scp using user "xyz" is not authenticating!

Close duplicate thread. (0 Replies)
Discussion started by: denissi
0 Replies

LEARN ABOUT OSX

passwd

PASSWD(1)						    BSD General Commands Manual 						 PASSWD(1)

NAME

     passwd -- modify a user's password

SYNOPSIS

     passwd [-i infosystem [-l location]] [-u authname] [user]

DESCRIPTION

     The passwd utility changes the user's password.  If the user is not the super-user, passwd first prompts for the current password and will
     not continue unless the correct password is entered.

     When entering the new password, the characters entered do not echo, in order to avoid the password being seen by a passer-by.  The passwd
     utility prompts for the new password twice in order to detect typing errors.

     The new password should be at least six characters long and not purely alphabetic.  Its total length should be less than _PASSWORD_LEN (cur-
     rently 128 characters), although some directory systems allow longer passwords.  Numbers, upper case letters, and meta characters are encour-
     aged.

     Once the password has been verified, passwd communicates the new password to the directory system.

     -i infosystem
	   This option specifies where the password update should be applied.  Under Mac OS X 10.5 and later, supported directory systems are:

	   PAM	 (default) Pluggable Authentication Modules.

	   opendirectory
		 A system conforming to Open Directory APIs and supporting updates (including LDAP, etc).  If no -l option is specified, the
		 search node is used.

	   file  The local flat-files (included for legacy configurations).

	   nis	 A remote NIS server containing the user's password.

     -l location
	   This option causes the password to be updated in the given location of the chosen directory system.

	   for file,
		 location may be a file name (/etc/master.passwd is the default)

	   for nis,
		 location may be a NIS domainname

	   for opendirectory,
		 location may be a directory node name

	   for PAM,
		 location is not used

     -u authname
	   This option specifies the user name to use when authenticating to the directory node.

     user  This optional argument specifies the user account whose password will be changed.  This account's current password may be required,
	   even when run as the super-user, depending on the directory system.

FILES

     /etc/master.passwd  The user database
     /etc/passwd	 A Version 7 format password file
     /etc/passwd.XXXXXX  Temporary copy of the password file

SEE ALSO

     chpass(1), login(1), dscl(1), passwd(5), pwd_mkdb(8), vipw(8)

     Robert Morris and Ken Thompson, UNIX password security.

HISTORY

     A passwd command appeared in Version 6 AT&T UNIX.

Mac OS X							  August 18, 2008							  Mac OS X
All times are GMT -4. The time now is 03:39 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy