i think i have got the solution for this but want to run it past you guys first
when i run a script sometimes its necassary to sudo to root so it can create users, chmod etc etc, the normal way for me doing this is just to simply run the script as root
but i have created a user and that user can sudo up to root level so im thinking of doing the "if/then" statement with the "id" command
Code:
if [ id -u root -ne 0 ]; then
su
echo "type in the root password"
The command id -u root will return the string 0 on any UNIX system. The current real or effective UID of the person running the script has no effect on the results produced by this command.
The test command [ id -u root -ne 0 ] does not run the id command; it invokes test with the five arguments id, -u, root, -ne, and 0. And that is not a valid set of arguments to be given to the test utility.
Nothing in your script after invoking su will be run with root privileges. The su utility, if given a proper password, will start a shell and nothing in the rest of your script will be run until that shell exits.
If you were running the id command, the exit code of that utility is not related to the uid or euid of the user running the process; it only tells you whether or not the user you name with the -u option is known on your system.
Would something more like:
Code:
if [ "$LOGNAME" != "root" ]
then echo 'type in root password'
su <<EOF
sh command_file
EOF
else sh command_file
fi
where command_file is the pathname of a file containing the commands you want this script to run with root privileges.
So, do you want anybody to be able to start the script, however if you detect that you are not the super-user account, you want to restart the script as the super-user instead?
Two quick options I can think of:-
Make the script owned by root and set the SUID flag. Use chmod but add a leading 1 to the numeric description, e.g. if the file is rwxr-x---, then chmod 1750 filename
Set everyone you want to up as a sudo user with NOPASSWD for this script, then add this to the top of your script:-
Code:
if [ $(id -u) -ne 0 ]
then
exec sudo $0 "$@" # Will overwrite this process so script does not continue as self
fi # Arguments are passed ass supplied
Be very careful to explicitly grant users access to the script rather than a blanket 'run anything' else they will do things you don't want them to.
Robin - yes i want anyone to run the script and if they are not root it will log in as root or sudo up to root level and then it will run the rest of the commands in the script
so why wont this command work then
Code:
if [ id root -ne 0 ]; then
echo "type in the root password"
read pwd
su $pwd
fi
Last edited by robertkwild; 11-16-2017 at 10:48 AM..
If you use the su command, it will try to Switch User to the name given. If no name is given then it assumes the super-user account is desired. What you have coded as su $pwd will try to become the user in the $pwd variable. If (somehow) it is successful, you will be dropped to a shell prompt and you script will pause until the shell exits, whereupon you script (as an ordinary user) will continue.
It is the same effect as this short script:-
Code:
echo "I am here 1"
sh
echo "I am here 2"
If you run this, it will display I am here 1 and drop to a shell prompt. Exiting the shell in the normal way should then display I am here 2
You cannot feed a password into the su command because that would make it very unsafe, hence why authorisation processes like sudo were developed. This allows someone responsible to grant privileges rather than users just getting whatever they feel like.
As an analogy, if I walked into a bank an identified myself then said, "I'd like to access another account" there would be some pretty stern questions and checks. Gifting privileges comes with risk and as the system owner, you are responsible for making sure that the server is secure. If you are happy to grant access to allow them to run a locked-down script, that's fine.
What is it that your script needs to do as the super-user anyway? There may be a safer way to achieve it.
Hi All, my script.sh has the below lines, and i need to run the script as root or wam. please tell me if this will work
#!/bin/bash
sudo -t wam /usr/local/wam/stopwam -r ------- this needs run as wam user
/usr/local/web/stopweb -a --- this needs to run as... (18 Replies)
I am using blow script :--
#!/bin/bash
FIND=$(ps -elf | grep "snmp_trap.sh" | grep -v grep) #check snmp_trap.sh is running or not
if
then
# echo "process found"
exit 0;
else
echo "process not found"
exec /home/Ketan_r /snmp_trap.sh 2>&1 & disown -h ... (1 Reply)
Hi all,
I have to run C++ file using root programming, using following commands:
$root -l
root .L TwoTrees.C++
root TwoTrees t
root t.Loop()
root.q
I wonder if I can write script to do the following.
Thanks
Pooja (12 Replies)
So I have a script that runs as a non-root user, lets say the username is 'xymon' .
This script needs to log on to a remote system as a non-root user also and call up a bash script that runs another bash script as root.
in short: user xymon on system A needs to run a file as root user and have... (2 Replies)
1) Environment:Red Hat Linux, bash shell
Script to be run owned by user :myUser
Home environment of myUser: pathto/home
2) ESP agent with root access will run
JobXXX.sh
su - myUser -c "/pathto/home/bin/script.sh"
where script.sh has some echo statements and an exit statement in the end... (4 Replies)
Hi all,
I have a situation where I have a shell script that I need to run remotely on multiple *nix machines via SSH. Unfortunately, some of the commands in it require root access. I know that best practices for ssh entail configuring it so that the root account cannot log in, you need to... (4 Replies)
Dear All
I am running into a situation where I am running a script as another user lets say oracle using su command as below, and the script fails because the .profile of oracle is not executed so the environment variables are not set.
cat /etc/passwd | grep oracle... (4 Replies)
I'm writing an application (Progress language) that needs to:
1) load the contents of a cron table into the Progress application;
2) display this information in a human manner and allow a select group of people to update it (these people are logged in as themselves, not as root);
3) save... (3 Replies)
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
11-15-2017
