How to store the passwords securely and use in scripts?


# 15  
Okay, so it's DB2. I think that it is usual for all DB2 users to actually be OS users and you might just need to set up the trust there. You might need to use sudo to run the processes as the nominated OS user that can connect to the database and do the work.

Can you force that through? Make sure your sudo rules only allow them to run a specific script as the trusted account; that means they can only do what you want, not just a general "Connect me to the database and wheeeee....."
Also, do not allow them to get to the shell prompt as the trusted account else they can probably bypass any rules you want to define. Basically, don't trust them to do anything at all except a very controlled script.

If this is for end users, then you might need to set the sudo rules to use NOPASSWD to permit them without prompting for their own password all the time.



I hope that this helps,
Robin
These 2 Users Gave Thanks to rbatte1 For This Post:
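The sudo advice in the post above, turned into a small lint for sudoers rules. This is an added example, not part of the original posts. The group `%reportusers`, the trusted account `db2batch` and the script paths are hypothetical, and only simplified one-line rules are handled.

```sh
#!/bin/sh
# Lint simplified one-line sudoers rules of the form
#   who host=(runas) [NOPASSWD:] command[, command...]
# Not a full sudoers parser: no aliases, line continuations or Defaults.

# Constructed sample rules. The group "%reportusers", the trusted account
# "db2batch" and the script paths are hypothetical.
SAMPLE_RULES='%reportusers ALL=(db2batch) NOPASSWD: ALL
%reportusers ALL=(db2batch) NOPASSWD: /usr/bin/ksh
%reportusers ALL=(db2batch) NOPASSWD: /opt/db2jobs/bin/*
%reportusers ALL=(db2batch) NOPASSWD: /opt/db2jobs/bin/monthly_report.sh'

# Print a one-word verdict for one rule; exit status is 0 only for OK.
# The body runs in a subshell so the IFS and "set -f" changes do not leak.
check_rule() (
    spec=${1#*=}              # drop "who host="
    spec=${spec#*\)}          # drop the "(runas)" part, if any
    spec=${spec#*NOPASSWD:}   # drop the tag, if any
    IFS=,
    set -f                    # keep "*" literal while splitting on commas
    set -- $spec
    for cmd in "$@"; do
        path=${cmd#"${cmd%%[! ]*}"}   # trim leading blanks
        path=${path%% *}              # first word is the command path
        case $path in
            ALL)             echo ANY_COMMAND; exit 1 ;;  # unrestricted rule
            *\**|*\?*|*\[*)  echo WILDCARD;    exit 1 ;;  # more than one script
        esac
        case ${path##*/} in
            sh|bash|ksh|csh|tcsh|zsh|dash|su)
                echo SHELL; exit 1 ;;  # shell prompt as the trusted account
        esac
    done
    echo OK
)

# Lint every sample rule and print "verdict<TAB>rule".
lint_samples() {
    printf '%s\n' "$SAMPLE_RULES" | while IFS= read -r rule; do
        printf '%s\t%s\n' "$(check_rule "$rule")" "$rule"
    done
}

lint_samples
```

Only the last sample rule, which names one specific script, passes. The script itself still has to be owned by the trusted account or root and not writable by the calling users.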
# 16  
Quote:
Originally Posted by rbatte1
Okay, so it's DB2. I think that it is usual for all DB2 users to actually be OS users and you might just need to set up the trust there. You might need to use sudo to run the processes as the nominated OS user that can connect to the database and do the work.

Can you force that through? Make sure your sudo rules only allow them to run a specific script as the trusted account; that means they can only do what you want, not just a general "Connect me to the database and wheeeee....."
Also, do not allow them to get to the shell prompt as the trusted account else they can probably bypass any rules you want to define. Basically, don't trust them to do anything at all except a very controlled script.

If this is for end users, then you might need to set the sudo rules to use NOPASSWD to permit them without prompting for their own password all the time.
I hope that this helps,
Robin
Thanks, Robin, for sharing it. Sudo with NOPASSWD is a really good idea. To be honest, I myself did 1 automation a while back using only this, and this facility is cool and safe too.

Thanks,
R. Singh