Gluing everything in this thread together, we have (my insertions in green):-
You would then need to add a rule using visudo to allow your selected user(s)/group(s) to run this script. You will need to be a super-user to run visudo
Add the lines like these:-
The account robert1 will just pass into the script, but trusted1 and members of the group trustedgroup will have to enter their own password to continue. This means they don't need to know the all-powerful account password. If they do, then there is no way to control them.
Using sudo means that you can grant them privileges they need for just when they are doing what you want and nothing more, i.e. you trust them to run this script, but not to become the super-user because they might remove /etc/passwd by mistake.
How far does this get you now?
Am I just more confusing? Apologies if I am.
Robin
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
I'm writing an application (Progress language) that needs to:
1) load the contents of a cron table into the Progress application;
2) display this information in a human manner and allow a select group of people to update it (these people are logged in as themselves, not as root);
3) save... (3 Replies)
Dear All
I am running into a situation where I am running a script as another user lets say oracle using su command as below, and the script fails because the .profile of oracle is not executed so the environment variables are not set.
cat /etc/passwd | grep oracle... (4 Replies)
Hi all,
I have a situation where I have a shell script that I need to run remotely on multiple *nix machines via SSH. Unfortunately, some of the commands in it require root access. I know that best practices for ssh entail configuring it so that the root account cannot log in, you need to... (4 Replies)
1) Environment:Red Hat Linux, bash shell
Script to be run owned by user :myUser
Home environment of myUser: pathto/home
2) ESP agent with root access will run
JobXXX.sh
su - myUser -c "/pathto/home/bin/script.sh"
where script.sh has some echo statements and an exit statement in the end... (4 Replies)
So I have a script that runs as a non-root user, lets say the username is 'xymon' .
This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root.
in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
Hi all,
I have to run C++ file using root programming, using following commands:
$root -l
root .L TwoTrees.C++
root TwoTrees t
root t.Loop()
root.q
I wonder if I can write script to do the following.
Thanks
Pooja (12 Replies)
I am using blow script :--
#!/bin/bash
FIND=$(ps -elf | grep "snmp_trap.sh" | grep -v grep) #check snmp_trap.sh is running or not
if
then
# echo "process found"
exit 0;
else
echo "process not found"
exec /home/Ketan_r /snmp_trap.sh 2>&1 & disown -h ... (1 Reply)
Hi All, my script.sh has the below lines, and i need to run the script as root or wam. please tell me if this will work
#!/bin/bash
sudo -t wam /usr/local/wam/stopwam -r ------- this needs run as wam user
/usr/local/web/stopweb -a --- this needs to run as... (18 Replies)
NEWGRP(1) User Commands NEWGRP(1)NAME
newgrp - log in to a new group
SYNOPSIS
newgrp [-] [group]
DESCRIPTION
The newgrp command is used to change the current group ID during a login session. If the optional - flag is given, the user's environment
will be reinitialized as though the user had logged in, otherwise the current environment, including current working directory, remains
unchanged.
newgrp changes the current real group ID to the named group, or to the default group listed in /etc/passwd if no group name is given.
newgrp also tries to add the group to the user groupset. If not root, the user will be prompted for a password if she does not have a
password (in /etc/shadow if this user has an entry in the shadowed password file, or in /etc/passwd otherwise) and the group does, or if
the user is not listed as a member and the group has a password. The user will be denied access if the group password is empty and the user
is not listed as a member.
If there is an entry for this group in /etc/gshadow, then the list of members and the password of this group will be taken from this file,
otherwise, the entry in /etc/group is considered.
CONFIGURATION
The following configuration variables in /etc/login.defs change the behavior of this tool:
SYSLOG_SG_ENAB (boolean)
Enable "syslog" logging of sg activity.
FILES
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
/etc/group
Group account information.
/etc/gshadow
Secure group account information.
SEE ALSO id(1), login(1), su(1), sg(1), gpasswd(1), group(5), gshadow(5).
shadow-utils 4.5 01/25/2018 NEWGRP(1)