Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Running a script as root in the script
Top Forums Programming Running a script as root in the script Post 303007472 by rbatte1 on Friday 17th of November 2017 04:43:29 AM
Old 11-17-2017
Gluing everything in this thread together, we have (my insertions in green):-
Code:
#!/bin/bash

if [ $(id -u) -ne 0 ]
then
   exec sudo $0 "$@"             # Will overwrite this process so script does not continue as self
fi                               # Any arguments are passed on as supplied

# A superuser will carry on through here

LOGFILE=/var/lib/creation.log    # .... or whatever suits you

dir=/mnt/sftp
group=sftp_users	

echo "Enter UserName:"
read user

if id $user ; then
        echo "$user already exists as you can see above, please re-run the script"
        exit
else
        echo "$user not in system, ok to continue"
fi

echo "Enter Password:"
read passwd
echo "$user:$passwd" >> /ftp_details/accounts.csv
echo "is this a normal user (press 1) ?"
read choice
    
case $choice in
        1)
            echo "$(date) : User $SUDO_USER creating $user" >> $LOGFILE
            useradd -g $group -d $dir/$user -s /sbin/nologin $user
            mkdir -p $dir/$user/data
            chown root $dir/$user
            chmod 755 $dir/$user
            chown $user $dir/$user/data
            chmod 755 $dir/$user/data
            touch $dir/$user/data/WARNING_everything_in_here_will_get_removed_in_14_days_time.txt
            ;;
        *)
            echo "invalid selection, please re-run the script"
            exit
            ;;
esac

echo $user:$passwd | chpasswd

You would then need to add a rule using visudo to allow your selected user(s)/group(s) to run this script. You will need to be a super-user to run visudo
Add the lines like these:-
Code:
#Individual users
robert1			ALL = NOPASSWD: /path/to/this_script
trusted1		ALL = PASSWD: /path/to/this_script

#Group members are trusted
%trustedgroup		ALL = PASSWD: /path/to/this_script

The account robert1 will just pass into the script, but trusted1 and members of the group trustedgroup will have to enter their own password to continue. This means they don't need to know the all-powerful account password. If they do, then there is no way to control them.

Using sudo means that you can grant them privileges they need for just when they are doing what you want and nothing more, i.e. you trust them to run this script, but not to become the super-user because they might remove /etc/passwd by mistake.


How far does this get you now?


Am I just more confusing? Apologies if I am.
Robin
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Run non-root script as root with non-root environment

All, I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies

2. Shell Programming and Scripting

Running a command or script as root

I'm writing an application (Progress language) that needs to: 1) load the contents of a cron table into the Progress application; 2) display this information in a human manner and allow a select group of people to update it (these people are logged in as themselves, not as root); 3) save... (3 Replies)
Discussion started by: rm-r
3 Replies

3. Shell Programming and Scripting

As root , running script as different user with su - problem

Dear All I am running into a situation where I am running a script as another user lets say oracle using su command as below, and the script fails because the .profile of oracle is not executed so the environment variables are not set. cat /etc/passwd | grep oracle... (4 Replies)
Discussion started by: dbsupp
4 Replies

4. Cybersecurity

Running script through SSH as root

Hi all, I have a situation where I have a shell script that I need to run remotely on multiple *nix machines via SSH. Unfortunately, some of the commands in it require root access. I know that best practices for ssh entail configuring it so that the root account cannot log in, you need to... (4 Replies)
Discussion started by: irinotecan
4 Replies

5. Shell Programming and Scripting

Issue running script as root

1) Environment:Red Hat Linux, bash shell Script to be run owned by user :myUser Home environment of myUser: pathto/home 2) ESP agent with root access will run JobXXX.sh su - myUser -c "/pathto/home/bin/script.sh" where script.sh has some echo statements and an exit statement in the end... (4 Replies)
Discussion started by: cj09
4 Replies

6. Shell Programming and Scripting

Need to run a bash script that logs on as a non-root user and runs script as root

So I have a script that runs as a non-root user, lets say the username is 'xymon' . This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root. in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
Discussion started by: damang111
2 Replies

7. Shell Programming and Scripting

Script for running root based C++ code

Hi all, I have to run C++ file using root programming, using following commands: $root -l root .L TwoTrees.C++ root TwoTrees t root t.Loop() root.q I wonder if I can write script to do the following. Thanks Pooja (12 Replies)
Discussion started by: nrjrasaxena
12 Replies

8. Shell Programming and Scripting

Script will keep checking running status of another script and also restart called script at night

I am using blow script :-- #!/bin/bash FIND=$(ps -elf | grep "snmp_trap.sh" | grep -v grep) #check snmp_trap.sh is running or not if then # echo "process found" exit 0; else echo "process not found" exec /home/Ketan_r /snmp_trap.sh 2>&1 & disown -h ... (1 Reply)
Discussion started by: ketanraut
1 Replies

9. Shell Programming and Scripting

Running a script as root but with different users inside

Hi All, my script.sh has the below lines, and i need to run the script as root or wam. please tell me if this will work #!/bin/bash sudo -t wam /usr/local/wam/stopwam -r ------- this needs run as wam user /usr/local/web/stopweb -a --- this needs to run as... (18 Replies)
Discussion started by: nanz143
18 Replies

10. Shell Programming and Scripting

Root running a script calling to scp using user "xyz" is not authenticating!

Close duplicate thread. (0 Replies)
Discussion started by: denissi
0 Replies

LEARN ABOUT PHP

newgrp

NEWGRP(1)                                                          User Commands                                                         NEWGRP(1)

NAME

       newgrp - log in to a new group

SYNOPSIS

       newgrp [-] [group]

DESCRIPTION

       The newgrp command is used to change the current group ID during a login session. If the optional - flag is given, the user's environment
       will be reinitialized as though the user had logged in, otherwise the current environment, including current working directory, remains
       unchanged.

       newgrp changes the current real group ID to the named group, or to the default group listed in /etc/passwd if no group name is given.
       newgrp also tries to add the group to the user groupset. If not root, the user will be prompted for a password if she does not have a
       password (in /etc/shadow if this user has an entry in the shadowed password file, or in /etc/passwd otherwise) and the group does, or if
       the user is not listed as a member and the group has a password. The user will be denied access if the group password is empty and the user
       is not listed as a member.

       If there is an entry for this group in /etc/gshadow, then the list of members and the password of this group will be taken from this file,
       otherwise, the entry in /etc/group is considered.

CONFIGURATION

       The following configuration variables in /etc/login.defs change the behavior of this tool:

       SYSLOG_SG_ENAB (boolean)
           Enable "syslog" logging of sg activity.

FILES

       /etc/passwd
           User account information.

       /etc/shadow
           Secure user account information.

       /etc/group
           Group account information.

       /etc/gshadow
           Secure group account information.

SEE ALSO

       id(1), login(1), su(1), sg(1), gpasswd(1), group(5), gshadow(5).

shadow-utils 4.5                                                    01/25/2018                                                           NEWGRP(1)
All times are GMT -4. The time now is 12:16 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy