Hi,
I have a requirement where I need to sudo to another user in a shell script. Suppose we consider users A and B: first, user A calls a shell script, and then I need to sudo to user B, which executes another shell script inside the earlier one.
Also, this needs to be automated: while sudo'ing to user B it should not ask for a password prompt; the password should be read from some file or by any other means. I'm a newbie, please suggest steps for the above problem.
Other than this, is there any way around my problem? Please suggest.
To do a sudo you should have an entry in the sudoers file that allows you to do the task needed to be done as another user or root.
Better than trying to go deeper into your specific situation, I guess it would be better for you to learn how to use sudo; here is a kind of "how to" for sudo I found on the web:
7 Linux sudo Command Tips and Tricks (link removed)
There's no silver bullet for your problem. If compliant with your site's policy, you could disable the authentication requirement (cf. man sudoers):
Quote:
Authentication and Logging
The sudoers security policy requires that most users authenticate themselves before they can use sudo. A password is not required if the invoking user is root, if the target user is the same as the invoking user, or if the policy has disabled authentication for the user or command.
You could use the -A option (cf. man sudo):
Quote:
sudo accepts the following command line options:
-A    Normally, if sudo requires a password, it will read it from the user's terminal. If the -A (askpass) option is specified, a (possibly graphical) helper program is executed to read the user's password and output the password to the standard output.
You finally could remove the reason why you need to switch to user B - adapt e.g. permissions of commands and files. Again, if compliant.
Your shell script (as called by user A) would have this line in it:
The "-u userb" flag tells sudo to run as the supplied user instead of root
Add the following line to your sudoers config file:
The "usera ALL" tells sudo that usera on any server (ALL) may run this command
The "(userb)" tells sudo that the command can only be run as userb (not the default of root)
The "NOPASSWD:" tells sudo not to prompt for usera's password like it normally would (unless otherwise configured elsewhere)
Some traps to watch for:
sudo does funny things with the environment; if your other shell script (the one being called as userb) is expecting environment variables to be properly set for userb, you might find it goes wrong. Things like PATH and HOME can surprise you.
I typically set any variables I need explicitly in the top of shell scripts being called by cron or sudo to prevent these issues.
If this is a big problem for you, you can add a layer of indirection and use "su - userb -c /full/path/to/anotherShellScript.sh" to have it load userb's environment before running the script.
Resulting sudo call in your first script would be:
You would now be running the su - command as root, then having it in turn select userb.
The line to your sudoers config file would change to:
The "(root)" bit isn't technically required, but I've done it that way to try and demonstrate what is changing between the two solutions.
As RudiC mentions, your company security policy will have an opinion (possibly a very strong opinion) on this. In some outfits, breaching this is bad enough to get you met at the door by security holding all your things in a black plastic rubbish bag, i.e., find out if it's cool to do this before you actually do it.
Be careful with the permissions on /full/path/to/anotherShellScript.sh and how well it's written, as you've effectively made this script run with elevated privileges. If usera can find a way to change the content of this script, or if the script is written badly enough that someone can break out of it into a shell while it's running, you could be granting usera carte blanche access to run things as userb (thus the security policy comment above). Assume the other users on the box and usera are all determined to destroy your server and/or bring down the company while writing the script and you'll have the appropriate level of paranoia.
Last edited by Smiling Dragon; 01-04-2013 at 10:09 PM..
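Added example (not part of the thread and not any poster's own code): a pre-flight audit of the script named in a NOPASSWD rule, following the warning above about the permissions on /full/path/to/anotherShellScript.sh. The function names, the optional trusted base directory and the decision to accept sticky directories are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit a script before naming it in a
# NOPASSWD sudoers rule of the shape described above (usera runs it as userb).
# usage: audit_sudo_target /full/path/to/script invoking_user [trusted_base_dir]
# Prints one finding per line; returns 0 when nothing was found.

# Field n of `ls -ld` output: 1 = mode string, 3 = owner.
ls_field() { ls -ld "$2" | awk -v n="$1" '{ print $n; exit }'; }

# Mode-string tests: group write is character 6, other write is character 9,
# and a sticky directory shows t or T as character 10.
writable_by_others() { case "$1" in ?????w*|????????w*) return 0 ;; esac; return 1; }
sticky() { case "$1" in ?????????[tT]*) return 0 ;; esac; return 1; }

audit_sudo_target() (
    target=$1 invoker=$2 base=${3:-/} bad=0
    finding() { printf '%s\n' "$1"; bad=1; }

    case "$target" in /*) ;; *) finding "not an absolute path: $target"; exit 1 ;; esac
    [ -f "$target" ] || { finding "not a regular file: $target"; exit 1; }
    if [ -L "$target" ]; then finding "symlink, name the real file instead: $target"; fi
    if [ "$(ls_field 3 "$target")" = "$invoker" ]; then
        finding "owned by $invoker, who can rewrite it: $target"
    fi
    if writable_by_others "$(ls_field 1 "$target")"; then
        finding "group- or world-writable: $target"
    fi

    # Walk up the path: whoever can write a parent directory can swap the file.
    # Sticky directories pass, since only an entry's owner may rename it there.
    dir=$(dirname "$target")
    while :; do
        dmode=$(ls_field 1 "$dir")
        if [ "$(ls_field 3 "$dir")" = "$invoker" ]; then
            finding "directory owned by $invoker: $dir"
        elif writable_by_others "$dmode" && ! sticky "$dmode"; then
            finding "group- or world-writable directory: $dir"
        fi
        if [ "$dir" = "$base" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    [ "$bad" -eq 0 ]
)

# Command-line use: sh audit.sh /full/path/to/anotherShellScript.sh usera
if [ "$#" -ge 2 ]; then audit_sudo_target "$@"; fi
```

Run it before adding the sudoers rule and again on a schedule, so that later permission drift on the script or its directories is caught.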