I need to change my id to some sudo account in a server.. Actually our username/passwd will be stored in one gip file like below...
$cat .a.gz #It's hidden file
username
passwd
$
So I tried the below script to pass the password when i sudo to another id.
Code:
#!/usr/bin/bash
id=`id | awk '{print $1}' | awk -F"(" '{print $2}' | tr -d ")" ""`
#Here, 'id' will give the user id.
gzcat /home/$id/.a.gz | tail -1 > /home/$id/passwd
chmod 700 /home/$id/passwd
sudo su vobadmin < /home/$id/passwd
When i try this script, i got below error
Code:
Invoking "/usr/bin/pbrun su vobadmin" for you
You need to authenticate yourself. Running kinit...
Password for illindva@SWISSBANK.COM:
kinit(v5): Password incorrect while getting initial credentials
You did not kinit successfully.
Can anyone please advice on this issue?
Please let me know if you need any more details on this to resolve.
I do not understand - looks/sounds a bit awkward to me.
If you want to sudo su, why do you need a password then? I mean if you have access to that password stored in a file already, why not allow via sudo your user directly to become the other one without entering that password? Storing passwords in plain files is not secure at all.
If you put into sudoers a line that allows your current user to su to some id it could look like:
Code:
..
youruser host = NOPASSWD:/usr/bin/sudo - su vobadmin
..
You then just type
Code:
youruser> sudo su - vobadmin
.. and that's it. You also might want to use the dash (-) between su and the username so you have the users environment active.
Actually, the above provided code is part of my script.. I'm trying to connect to a server and there i'm changing my used id to some admin account id using sudo command..
When i try this sudo through command line or through script also, it's returning password prompt to enter my passwd.
so when i am trying to change the admin account id... i used above small code there. It's just to automate the script execution without manual intervention.
And we have our credentials in a zip file.. and it'll be in our home dir with 600 perm. so no one can even read the file. whoever execute the script, it has to take their passwd from their home dir to change the sudo account....
I hope you are bit clear now.. And still I've to try your above command to check whether it's asking the passwd or not.
Can you please provide your valuable inputs and suggestions on this..?
Ok, then I think I understood already.
Try to implement the sudoers entry as given in the example and give feedback please, ty.
If set up correct, you will not be asked for a password when doing the su, even not when automated via script.
I noticed a syntax error in the code I posted, sorry. It should be:
Code:
youruser host = NOPASSWD:/usr/bin/sudo su - vobadmin
The dash belongs between the su and the username.
Quote:
Because as per our company policies, we may not be allowed to change it permanently.. If it's only one time attempt, then it'll will good for us..
That entry is permanently done using visudo and saved in the file /etc/sudoers.
If you want to disable it after your job is done you can just remark it by adding a # in front of the line and saving it.
Afaik there is no option to let that line perish when it has been used once.
If your user or the user you want to become (vobadmin) is able to use visudo, then it does not make much sense to remark the line, since this user could always enable it again, if permitted. Just a thought.
Anyway this is the link to the official documentation for sudo; maybe there is an option you'd like: Sudoers Manual
I tried to set NOPASSWD for this sudo attempt, but we are unable to do it, because i could not able to see /etc/sudoers file in my box..
And eve it's available also, dont think so that we are allowed to set it as we are not admins of my unix box..
Is there any way to automate the passing passwd through file or variable when script is excuting..? I tried many ways, but no luck.. it's not taking the passwd in correct format..
Please advice me on this...
Thanks in advance..
Regards,
VRN
---------- Post updated at 01:29 AM ---------- Previous update was at 01:00 AM ----------
Hi,
Tried the below code for passing passwd... it went fine in one unix box... but it's not executing from other boxes... am not getting the reason why it's not working from other boxes..
Code:
#!/usr/bin/bash
id=`id | awk '{print $1}' | awk -F"(" '{print $2}' | tr -d ")" ""`
#Here, 'id' will give the user id.
pwd=`gzcat /home/$id/.srlpw.gz | tail -1`
echo "\$pwd" > /home/$id/passwd
chmod 700 /home/$id/passwd
sudo su vobadmin < /home/$id/passwd <<eof
echo id has changed successfully
eof
can anyone please let me know the reason for this.. ?
hi guys
I have Centos 5.4
The idea is lock the user account for 3 minutes after he has entered his password incorrectly 3 times.
I've modified /etc/pam.d/system-auth
auth required pam_tally.so onerr=fail per_user deny=3
account required pam_tally.so resetbesides... (3 Replies)
I am trying to create a shell script that will:
check if a specific user already exists
if not, create a specific group and create the user in that group
assign a password to that user, where the password is passed in as a parameter to the script
The problem that I need help with is 3 on... (4 Replies)
i created 1 user . Now its passwd time period get expired.
Now how can I set password for that user. Also how can I set a condition such a way that after every 3 months user must change his passwd. (5 Replies)
Hi all,
I'm having an issue resetting an Linux user password. As root, I type 'passwd <username>, enter the new password, but the user is still Access Denied. Can someone assist me in figuring this one out?
The box is running "Linux trm62 2.4.21-15.ELsmp #1 SMP Thu Apr 22 00:18:24 EDT 2004... (6 Replies)
hello friends,
one user is created named "user1"
I login as "user1" . Now when i do "su -" to be root user I have to give password for root .
Is there any way through which we can skip giving the password to root.
i.e.
user1@work:~$ su -
Password: xxxxxx
work:~$
I don't want that... (1 Reply)
Hi sir,
i need help in scripting..
i have 30 users like below
eda01
eda02
eda03
eda04
.....
......
eda30
I want to reset all users password start with eda01 until eda30 to default password 1234
how do i do this using script,
i dunt want system prompt me for password..
i am... (5 Replies)
I have 02 servers:
- Linux RHEL AS 3 (server1)
- AIX 5.2 (server2)
Running the command rsh server2 passwd derje from the server1 to change derje user password on server2, give me this error:
3004-709 Error while changing the password for "derje"
Can somebody help me ? (0 Replies)