Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to pass root password with su and command?
Top Forums Shell Programming and Scripting How to pass root password with su and command? Post 303025254 by bakunin on Monday 29th of October 2018 11:35:20 AM
Old 10-29-2018
In general it is a good idea and a valid safety measure to forbid direct root-logins. Still, someone has to become root from time to time and nobody can be expected to do 400 systems manually. Locking the door makes sense. To block it with masonry without creating another entry is idiotic.

If you have Ansible then you have some working ssh-connection with the possibility to execute something with root-privileges because this is how Ansible contacts its clients. Write an Ansible-routine then and deploy it to all eligible systems. This is the preferred solution

If you, for some reason, can't do that, use the ssh-connection directly: use the existing ssh-keys to connect to the systems and run the command(s) with root privileges the same way Ansible does it. You can put that in a script which does that in a loop and cycles through all the systems to be deployed. I once wrote such a script for a site where no Ansible or similar tool was available, here is the core function of it. It won't run outright without the rest of the solution (~1500 lines of code, too much to post it) but you might use it to create your own solution.

The function gets a hostname and executes a list of commands stored in an array by connecting to the host using a globally defined username and executes one command each iteration of the main loop. The success/failure of each command is then logged (f_CmdLog() and f_CmdErr()):

Code:
# --------------------------------------------- pDeployList()
function pDeployList
{
typeset chHost="$1"
typeset -i iRetVal=0
typeset -i iCmdCnt=1

$chFullDebug

while [ $iCmdCnt -le ${#achCmd[*]} ] ; do
     if $SIMULATE ssh -nqo 'BatchMode = yes' \
                           "${chUser}@${chHost}" \
                           "${achCmd[$iCmdCnt]}" ; then
          f_CmdLog "executed ${achCmd[$iCmdCnt]} as ${chUser}@${chHost}"
     else
          f_CmdError "${chUser}@${chHost} # ${achCmd[$iCmdCnt]} ==> $?"
          iRetVal=1
     fi
     (( iCmdCnt += 1 ))
done

return $iRetVal
}

I hope this helps.

bakunin
This User Gave Thanks to bakunin For This Post:
rbatte1
 

10 More Discussions You Might Find Interesting

1. Answers to Frequently Asked Questions

Lost root password / Can't login as root

We have quite a few threads about this subject. I have collected some of them and arranged them by the OS which is primarily discussed in the thread. That is because the exact procedure depends on the OS involved. What's more, since you often need to interact with the boot process, the... (0 Replies)
Discussion started by: Perderabo
0 Replies

2. Linux

how to access root priveliges if root password is lost

wish to know how to access root password it root password is forgotten in linux (1 Reply)
Discussion started by: wojtyla
1 Replies

3. UNIX for Dummies Questions & Answers

I need it to prompt me for a root password, so I don't have to log as root

Hi folks, I'm trying to install a program, and I want to place some of the executables into /usr/bin so that they can be executed from any folder on the computer. I've been giveng the root password, but told never to log in directly as root. Instead, I can wait for a password prompt. However, I... (2 Replies)
Discussion started by: lunchtime
2 Replies

4. UNIX for Advanced & Expert Users

su command without password prompt to non-root account

Hello. I searched the internet for answers and don't seem to find any for about a day now. My problem. I want to su to a non-root account non-interactively, e.g. if I want to temporarily become prdusr, I want to su prdusr without keying prdusr's password every time. What I want is... (10 Replies)
Discussion started by: royale-sojin
10 Replies

5. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

6. Solaris

Solaris 8 - Asks for current root password when trying to change root password.

Hello All, I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies

7. Shell Programming and Scripting

Pass root password through script

I have several clients (over 120) connected to my server. I want to push some patch to all the client using a script which copies the file from the server to a specific path on the client and then installs it. But for installation of the patch, it needs to be done thorough root login on client.... (7 Replies)
Discussion started by: shahdeo
7 Replies

8. Solaris

Lost Root Password on VXVM Encapsulated Root Disk

Hi All Hope it's okay to post on this sub-forum, couldn't find a better place I've got a 480R running solaris 8 with veritas volume manager managing all filesystems, including an encapsulated root disk (I believe the root disk is encapsulated as one of the root mirror disks has an entry under... (1 Reply)
Discussion started by: sunnyd76
1 Replies

9. Ubuntu

Root access that can't change root password?

We are having a little problem on a server. We want that some users should be able to do e.g. sudo and become root, but with the restriction that the user can't change root password. That is, a guarantee that we still can login to that server and become root no matter of what the other users will... (2 Replies)
Discussion started by: 244an
2 Replies

10. UNIX for Beginners Questions & Answers

Can a root role change the root password in Solaris 10?

i do not have root on a solairs 10 server , however i do have the root role, i was wondering if I can change the root password as a a role with the passwd command? I have not tried yet. and do i have to use the # chgkey -p afterwards? i need to patch is why i am asking. thanks (1 Reply)
Discussion started by: goya
1 Replies

LEARN ABOUT MOJAVE

dsenableroot

dsenableroot(8) 					    BSD System Manager's Manual 					   dsenableroot(8)

NAME

     dsenableroot -- enables or disables the root account.

SYNOPSIS

     dsenableroot [-d] [-u username] [-p password] [-r rootPassword]

DESCRIPTION

     dsenableroot sets the password for the root account if enabling the root user account.  Otherwise, if disable [-d] is chosen, the root
     account passwords are removed and the root user is disabled.

     A list of flags and their descriptions:

     -u username
	      Username of a user that has administrative privileges on this computer.

     -p password
	      Password to use in conjunction with the specified username.  If this is not specified, you will be prompted for entry.

     -r rootPassword
	      Password to be used for the root account.  If this is not specified for enabling, you will be prompted for entry.

EXAMPLES

     -dsenableroot
	      Your username will be used and you will be queried for both your password and the new root password to be set to enable the root
	      account.

     -dsenableroot -d
	      Your username will be used and you will be queried for only your password to disable the root account.

     -dsenableroot -u username -p userpassword -r rootpassword
	      The supplied arguments will be used to enable the root account.

     -dsenableroot -d -u username -p userpassword
	      The supplied arguments will be used to disable the root account.

Mac OS								  August 08 2003							    Mac OS
All times are GMT -4. The time now is 08:37 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy