Passing password when changing the user account


 
# 1  
Old 06-24-2010

Hi All,

I have one requirement.

I need to change my id to some sudo account on a server. Actually our username/passwd will be stored in one gzip file like below:

$cat .a.gz #It's hidden file
username
passwd
$

So I tried the below script to pass the password when I sudo to another id.

Code:
 
#!/usr/bin/bash
 
id=`id | awk '{print $1}' | awk -F"(" '{print $2}' | tr -d ")" ""`
#Here, 'id' will give the user id.
gzcat /home/$id/.a.gz | tail -1 > /home/$id/passwd
chmod 700 /home/$id/passwd
sudo su vobadmin < /home/$id/passwd


When I try this script, I get the below error:

Code:
Invoking "/usr/bin/pbrun su vobadmin" for you
You need to authenticate yourself. Running kinit...
Password for illindva@SWISSBANK.COM:
kinit(v5): Password incorrect while getting initial credentials
You did not kinit successfully.

Can anyone please advise on this issue?

Please let me know if you need any more details on this to resolve.

Thanks in advance.

Regards,
VRN

Last edited by pludi; 06-25-2010 at 02:29 AM..
# 2  
Old 06-25-2010
I do not understand - looks/sounds a bit awkward to me.
If you want to sudo su, why do you need a password then? I mean if you have access to that password stored in a file already, why not allow via sudo your user directly to become the other one without entering that password? Storing passwords in plain files is not secure at all.

If you put into sudoers a line that allows your current user to su to some id it could look like:

Code:
..
youruser     host = NOPASSWD:/usr/bin/sudo - su vobadmin
..

You then just type
Code:
youruser> sudo su - vobadmin

.. and that's it. You also might want to use the dash (-) between su and the username so you have the user's environment active.
# 3  
Old 06-25-2010
Hi Zaxxon,

Thank you vm for your inputs...

Actually, the code provided above is part of my script. I'm trying to connect to a server, and there I'm changing my user id to some admin account id using the sudo command.

When I try this sudo through the command line or through a script, it returns a password prompt to enter my passwd.

So when I am trying to change to the admin account id, I used the above small code there. It's just to automate the script execution without manual intervention.

And we have our credentials in a zip file, and it'll be in our home dir with 600 perm, so no one can even read the file. Whoever executes the script, it has to take their passwd from their home dir to change to the sudo account.

I hope you are bit clear now.. And still I've to try your above command to check whether it's asking the passwd or not.

Can you please provide your valuable inputs and suggestions on this..?

Thanks again.

Regards,
VRN
# 4  
Old 06-25-2010
Ok, then I think I understood already.
Try to implement the sudoers entry as given in the example and give feedback please, ty.
If set up correctly, you will not be asked for a password when doing the su, even not when automated via script.
# 5  
Old 06-25-2010
Hi Zaxxon,

Sure, will try the given command and let you know the update tomorrow..

Thank you for the following up..

My last doubt in this is whether I need to do the below setup each time I try the sudo command, or whether it's required only once:

Code:
..
youruser     host = NOPASSWD:/usr/bin/sudo - su vobadmin
..

youruser> sudo su - vobadmin

Because as per our company policies, we may not be allowed to change it permanently. If it's only a one-time attempt, then it'll be good for us.

Thanks again.

Regards,
VRN...
# 6  
Old 06-25-2010
I noticed a syntax error in the code I posted, sorry. It should be:
Code:
youruser     host = NOPASSWD:/usr/bin/su - vobadmin

The dash belongs between the su and the username.

Quote:
Because as per our company policies, we may not be allowed to change it permanently. If it's only a one-time attempt, then it'll be good for us.
That entry is permanently done using visudo and saved in the file /etc/sudoers.
If you want to disable it after your job is done you can just remark it by adding a # in front of the line and saving it.
Afaik there is no option to let that line perish when it has been used once.

If your user or the user you want to become (vobadmin) is able to use visudo, then it does not make much sense to remark the line, since this user could always enable it again, if permitted. Just a thought.

Anyway this is the link to the official documentation for sudo; maybe there is an option you'd like:
Sudoers Manual
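
An added example, not part of the thread or any poster's code: a small POSIX shell/awk audit that reports what each NOPASSWD rule in sudoers-style text would actually grant, run over constructed sample rules for the vobadmin case. It assumes one command per rule with no aliases or line continuations; the function names and verdict labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies NOPASSWD rules in
# sudoers-style text read from stdin. Assumes one command per rule,
# no aliases, no line continuations. Verdict labels are this example's own.
audit_nopasswd() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    !/NOPASSWD[ \t]*:/       { next }      # only password-less rules
    {
        user = $1
        cmd = $0
        sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", cmd)   # keep the command spec
        sub(/[ \t]+$/, "", cmd)
        n = split(cmd, part, /[ \t]+/)
        path = part[1]
        base = path
        sub(/^.*\//, "", base)                     # basename of the command
        if (path == "ALL")
            verdict = "RISK unrestricted"          # any command, no password
        else if (path !~ /^\//)
            verdict = "RISK relative-path"         # sudoers wants full paths
        else if (base == "sudo")
            verdict = "RISK wraps-sudo"            # "sudo su ..." will not match this
        else if (n == 1 && (base == "su" || base ~ /^(ba|k|z|c)?sh$/))
            verdict = "RISK any-args"              # no args listed: any target user or shell
        else
            verdict = "OK scoped"                  # full path with fixed arguments
        printf "%s %s %s\n", verdict, user, cmd
    }'
}

# Constructed sample rules for the vobadmin case discussed in this thread.
SAMPLE='youruser host = NOPASSWD:/usr/bin/sudo su - vobadmin
youruser host = NOPASSWD: /usr/bin/su - vobadmin
youruser host = NOPASSWD: /usr/bin/su
youruser host = (ALL) NOPASSWD: ALL
# youruser host = NOPASSWD: ALL'

audit_sample() { printf '%s\n' "$SAMPLE" | audit_nopasswd; }
audit_sample
```

Syntax checking is a separate step: `visudo -c` validates the file, while this only reports what each password-less rule would grant.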
# 7  
Old 06-26-2010
Hi Zaxxon,

I tried to set NOPASSWD for this sudo attempt, but we are unable to do it, because I was not able to see the /etc/sudoers file on my box.
And even if it's available, I don't think that we are allowed to set it, as we are not admins of my unix box.

Is there any way to automate passing the passwd through a file or variable when the script is executing? I tried many ways, but no luck. It's not taking the passwd in the correct format.

Please advise me on this.

Thanks in advance..

Regards,
VRN

---------- Post updated at 01:29 AM ---------- Previous update was at 01:00 AM ----------

Hi,

Tried the below code for passing the passwd. It went fine on one unix box, but it's not executing from other boxes. I am not getting the reason why it's not working from other boxes.

Code:
 
#!/usr/bin/bash
id=`id | awk '{print $1}' | awk -F"(" '{print $2}' | tr -d ")" ""`
#Here, 'id' will give the user id.
pwd=`gzcat /home/$id/.srlpw.gz | tail -1`
echo "\$pwd" > /home/$id/passwd
chmod 700 /home/$id/passwd
sudo su vobadmin < /home/$id/passwd <<eof
echo id has changed successfully
eof


Can anyone please let me know the reason for this?

Thanks in advance.

Regards,
VRN