su-ing to another user in a ksh script

Posted on 2004-11-23
Last Modified: 2013-12-26
I would like help writing a ksh script to automate recycling my application on solaris.  

Shutdown/Startup of the main application requires stopping/starting 6 sub-applications.
Each of the 6 sub applications has it's own start/stop executable, but has to be run by different users.

None of the scripts require root access and all of the user accounts have the same password.  
I would think that limiting read access to the script to only the user and/or group would be enough
security for my needs that I could use a plain text password within the script.  But would like your advice.

I have searched the archives, but did not find what I was looking for, and appreciate your expertise

I want the script to:

su - user1  (password)
(wait long enough for this application to stop)
(check if a certain process is running)

su - user2  (password)
(wait long enough for this application to stop)
(check if a certain process is running)

then after all 6 applications have been stopped,
I want to su to all 6 account again and run their start scripts.
Question by:theoradically
    LVL 38

    Accepted Solution

    Write your script first.

    then config "sudo" to allow the user to run the script without password.

    For Solaris you can download sudo from:

    also have a look at the following page to see how it work:

    or you can use expect script to handle the password:

    I prefer the "sudo" solution, more secure.

    LVL 38

    Expert Comment

    Just in case you need a sample script:


    #check if a process is running

    if [ ps -ef|grep -w process-name | grep -v ] ; then
       echo "ProcessName  is running "
       # you might need to add statememet to kill the process
       # eg:
       # kill -9 `ps -ef|grep -w process-name | awk '{print $2}'`
       echo "ProcessName is not exist"

    #restart process
    /path-to/startupscript start

    #end of script

    To run the about script as user1:

    su - user1 -c "/path-to/abovescript

    man su
    to learn more details

    LVL 86

    Expert Comment

    Just as a side note, if the script is run by 'root', you won't need a password for 'su' anyway...
    LVL 51

    Assisted Solution

    su - user1 -c "/path/stop_script1.ksh"
    su - user2 -c "/path/stop_script2.ksh"
    # and so on ..

    run above script as root
    LVL 14

    Expert Comment

    The whole point of having different users is so that you can't do this type of thing.

    The mechanism in Unix for going "above" the usual user restrictions is through root, whether it's running the main script as root so that no su password is necessary or using root to manage the sudo access file (sudoers).

    The one way I can think of around this is to use SSH trusts between the accounts. But that obviates the point of having different accounts.

    Also, it's a bad idea to have a password that anyone knows on a non-person account - keeps you from  knowing who made the change that broke the system. Use SSH trusts or sudo to access such accounts instead.

    Author Comment


    Thanks for your quick response and thorough answer.  I tested Expect at home and it worked great.
    Our systems at work require suing to the functional accounts used in the scripts.  Any time we use those
    accounts, we must su from our primary ids to those account.  So Expect sounded like it should have worked fine.

    When running the Expect scripts, I get "Interactive logons with this account are prohibited!"  So this looks like
    an seos issue that I probably won't get around.  Your explanantion of Expect was great, though. Thanks


    I was aware of that syntax, but if not run as root, I need to supply a password.  And, I "Ain't got R00T"
    and did not supply that in my request.  But I do appreciate your time in responding.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

    Title # Comments Views Activity
    Perl Awk Need Help 3 85
    twoTwo  challenge 35 71
    FizzBuzz challenge 9 64
    MaxSpan challenge 9 49
    In this article, I'll describe -- and show pictures of -- some of the significant additions that have been made available to programmers in the MFC Feature Pack for Visual C++ 2008.  These same feature are in the MFC libraries that come with Visual …
    Introduction: Hints for the grid button.  Nested classes, templated collections.  Squash that darned bug! Continuing from the sixth article about sudoku.   Open the project in visual studio. First we will finish with the SUD_SETVALUE messa…
    This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now