Shell Programming and Scripting

I think I will go with the SSH kyes exchange from one user to another so the process can be worked.

Correct me If I'm wrong. By exchanging ssh keys, it will do the su without the password prompt or it will only work if I do ssh command?

One way if you don't want to execute the user's login profile.

Code:

su user -c "command"

Depending on your environment I find it works best using "remsh" with a suitable ".rhosts" file - even within the same computer.

Code:

remsh localhost -l username -n "command"

The su needs a password for everyone but root.The last is most defensible to a security auditor, and a bit more secure even if you do not read all the instructions! BTW, permissions on control files are critical to all the but su! Sometimes, give or take what shell runs "commands" (unless they all got to use $SHELL) and the running of the remote .profile or .kshrc or whatever.

Hey DGPickett,

A question to clarify. I need to execute 4 different commands with 4 different users so it means that I have to switch the users 4 times. As per my understanding, I can use the following commands.

set LOG='ABC/ABC/ABC.LOG

1 sudo/su - user -c "command" >> $LOG
exit

2. sudo/su - user2 -c "comand" >> $LOG
exit

3. sudo/su - user3 -c "command" >> $LOG
exit

4. sudo/su - user4 -c "command" >> $LOG

By doing that, each user have it's own environment veriables so do I need to setup the envs or it will catch it own its own.

One of the commands, I want to add grep command to one of the processes. If it finds, kill it. how can I get a specific running process and kill it if finds?

Your help is really appreciated
Thanks,
Afi

You don't need to use exit the sudo/su -c command will exit when the command completes:

Code:

sudo -u user1 ksh -c /usr/local/bin/myapp >> $LOG 2>&1
sudo -u user2 ksh -c "ps -ef | grep [m]yapp | awk '{print $2}' | xargs -r kill"

Code:

su user1 "-c /usr/local/bin/myapp" >> $LOG 2>&1
su user2 "-c ps -ef | grep [m]yapp | awk '{print \$2}' | xargs -r kill"

I'm guessing that the following lines are two different commands.

1. sudo -u user1 ksh -c /usr/local/bin/myapp >> $LOG 2>&1
2. sudo -u user2 ksh -c "ps -ef | grep [m]yapp | awk '{print $2}' | xargs -r kill"

Do I need to add (>> $LOG) for the 2nd line if I need to capture it in the logs?

Thanks,

Yes these are two seperate commands (as examples of running single program or mini script as a pipeline).

You would need to capture the output of the kill command (typically kill dosn't output anything to stdout but best to redirect this and stderr to your logfile). BTW the ksh -c part is only needed when running script commands and the following is sufficient:

Code:

sudo -u user1 /usr/local/bin/myapp >> $LOG 2>&1
sudo -u user2 ksh -c "ps -ef | grep [m]yapp | awk '{print $2}' | xargs -r kill" >> $LOG 2>&1

Edit: Note that the redirection is happening outside of the command invoked by sudo (ie not within the quotes in the 2nd example) so the LOG file will be written by the logged in user (not user1 or user2). If you get anything much more complex than a 1 liner best to write a shell script and invoke that with sudo. Also this way you can restrict the use of sudo for this particular script and not allow a user to do anything they want as user2.