help with shell script as rights issue

richsark asked:
Hello, I have a shell script. I would also like this script to run as ammuser. It seems the libs and bin that I need are owned by root and can only be run as root.

When I run it as ammuser it fails; if I su to root it works. I would like to know how I can make my script run as ammuser and then scp a tar.gz file to another server. I have created a passwordless login as ammuser on server B, but since the script can't run as root, I don't get far.

See the script

Author

Commented:
Here is my script:

[root@ESM1 ammuser]# vi QIP-Exports.sh 

#!/bin/sh
# NOTE:   The .Z is the qipadmin encrypted password located on the $QIPHOME/qip.pcy file
# Set QIP Environmental Variables
. /opt/qip/etc/qiprc
. /opt/sybase/SYBASE.sh
DATE=`/bin/date +%Y%m%d-%H:%M`

# Clean up the old database extracts first
if [ -f /home/ammuser/export/QIPexport.*.tar.gz ]
then
    mv /home/ammuser/export/QIPexport.*.tar.gz /home/ammuser/export/Archive
fi

# Dump the raw tables
#
/opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k

# Clean up all the audt files
rm /home/ammuser/export/*aud.qef

# tar and gzip the *.qef files
#
cd /home/ammuser/export/
/bin/tar -cvf ./QIPexport.$DATE.tar ./*.qef
/bin/gzip ./QIPexport.$DATE.tar

# scp the file to the DR-ESM box 11.34.29.40
#
/usr/bin/scp /home/ammuser/export/QIPexport.$DATE.tar.gz 192.168.0.73:/home/ammuser/exports-from-Prod

if [ $? -eq 0 ]
then
  rm /home/ammuser/export/*.qef
else
  rm /home/ammuser/export/*.qef
#  mailx -s "QIP export filed" DL-SM-N-Middleware@email.com < /export/home/qip-exports/Export-Failure.txt
#  exit 1
fi

/usr/bin/scp  /home/ammuser/Done-Flag 192.168.0.73:/home/ammuser/exports-from-Prod

# move file to trash and delete
mv /home/ammuser/export/QIPexport.$DATE.tar.gz /home/ammuser/Archive/
# Cleaning up older than 3 days old Archive files
/usr/bin/find /home/ammuser/Archive -name "*gz" -mtime +33 -exec rm {} \;


Top Expert 2010

Commented:
If it's just the export that's failing, add an /etc/sudoers rule to allow "ammuser" to run the command as "root", e.g.

sudoedit /etc/sudoers
---- Stick at bottom ----
ammuser ALL = (root) NOPASSWD:  /opt/qip/usr/bin/qip-export *
---- end (Hit ESC, then Type: :x ) ---

Then stick a sudo in front of the command, e.g.

# Dump the raw tables
#
sudo /opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k

Author

Commented:
Cool, I will try that.

So with the sudo in front, if qip-export calls libs and other things, it will work since we are putting sudo in front of the command, right?

Thanks,

Author

Commented:
Hello,

When I am logged in as ammuser and execute your suggestion I get:

[ammuser@ESM1 ~]$ sudoedit /etc/sudoers
Password:
ammuser is not in the sudoers file.  This incident will be reported

Author

Commented:
Also, I su to root and vi /etc/sudoers

This is what it looks like now


Cmnd_Alias HALT = /sbin/halt
Cmnd_Alias REBOOT = /sbin/reboot
Cmnd_Alias SERVICE = /sbin/service
Cmnd_Alias CHKCONFIG = /sbin/chkconfig
Cmnd_Alias KILL = /bin/kill
Cmnd_Alias KILLALL = /usr/bin/killall
Cmnd_Alias PASSWD = /usr/bin/passwd
Cmnd_Alias NTPDATE = /usr/sbin/ntpdate
Cmnd_Alias AIM = /usr/lib/amm/aim, /bin/aim
Cmnd_Alias AMMCFG = /usr/lib/amm/amm-cfg, /bin/amm-cfg
Cmnd_Alias ADM = /usr/lib/amm/adm, /bin/adm
Cmnd_Alias AMU = /usr/lib/amm/amu, /bin/amu
Cmnd_Alias ASC = /usr/lib/amm/asc, /bin/asc
Cmnd_Alias RNDC = /opt/qip/usr/bin/rndc

ammadmin ALL = NOPASSWD: HALT, REBOOT, SERVICE, CHKCONFIG, KILL, KILLALL, PASSWD, NTPDATE, AIM, AMMCFG, ADM, AMU, ASC, RNDC

qip ALL = NOPASSWD: ASC
ammuser ALL = (root) NOPASSWD:  /opt/qip/usr/bin/qip-export *
~

Author

Commented:
Anyone???
Top Expert 2010

Commented:
What do you get when you type the following as ammuser:

sudo -l

Author

Commented:
Hi,

I get this

[ammuser@ESM1 ~]$ sudo -l
User ammuser may run the following commands on this host:
    (root) NOPASSWD: /opt/qip/usr/bin/qip-export *
[ammuser@ESM1 ~]$

Author

Commented:
Hi,

Just for kicks, I su'd to root and ran the same command to see:

[root@ESM1 ammuser]# sudo -l
Sorry, user root may not run sudo on ESM1.
[root@ESM1 ammuser]#

Top Expert 2010

Commented:
Ok as "ammuser" what happens when you enter the following (run one command at a time and stop if you get an error):


. /opt/qip/etc/qiprc

. /opt/sybase/SYBASE.sh

DATE=`/bin/date +%Y%m%d-%H:%M`
if [ -f /home/ammuser/export/QIPexport.*.tar.gz ]
then
    mv /home/ammuser/export/QIPexport.*.tar.gz /home/ammuser/export/Archive
fi

sudo /opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k


Author

Commented:
Hi, see below:

[ammuser@ESM1 ~]$ ./QIP-Exports-TEST.sh
./QIP-Exports-TEST.sh: line 13: [: too many arguments
/opt/qip/usr/bin/qip-export: error while loading shared libraries: libqapi.so.7: cannot open shared object file: No such file or directory

#!/bin/sh
#Author: Richard Sarkissian
#Created 10-20-09
# NOTE:   The .Z is the qipadmin encrypted password located on the $QIPHOME/qip.pcy file
# Set QIP Environmental Variables
. /opt/qip/etc/qiprc

. /opt/sybase/SYBASE.sh

DATE=`/bin/date +%Y%m%d-%H:%M`
if [ -f /home/ammuser/export/QIPexport.*.tar.gz ]
then
    mv /home/ammuser/export/QIPexport.*.tar.gz /home/ammuser/export/Archive
fi

sudo /opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k


Author

Commented:
Hi,

What's next?
Top Expert 2010
Commented:
Per my last post, please run the commands one at a time (not in a shell) e.g.

Type:

. /opt/qip/etc/qiprc

Hit <enter>, check the output then type:

. /opt/sybase/SYBASE.sh

Hit <enter>, check the output then type:

DATE=`/bin/date +%Y%m%d-%H:%M`

Hit <enter>

then type:

sudo /opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k

Hit <enter>
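
Added example, not part of the original thread: the `[: too many arguments` error reported earlier comes from `[ -f /home/ammuser/export/QIPexport.*.tar.gz ]` once the glob expands to several files, because `[ -f ... ]` accepts a single path. The loop below tests each match on its own; the function name `archive_old_exports` and the temporary directories in `demo` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: archive old export tarballs without relying on
# `[ -f dir/QIPexport.*.tar.gz ]`, which breaks once the glob matches
# more than one file.

# archive_old_exports EXPORT_DIR ARCHIVE_DIR
# Moves every QIPexport.*.tar.gz from EXPORT_DIR into ARCHIVE_DIR and
# prints how many files were moved. Both directories are chosen by the
# caller; the function name is hypothetical.
archive_old_exports() {
    export_dir=$1
    archive_dir=$2
    moved=0
    mkdir -p "$archive_dir" || return 1
    for f in "$export_dir"/QIPexport.*.tar.gz; do
        # With no match the pattern stays literal, so test each word.
        [ -f "$f" ] || continue
        mv -- "$f" "$archive_dir"/ || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Constructed demonstration in a throwaway directory:
# first call sees no tarballs, second call sees two plus an unrelated file.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/export"
    first=$(archive_old_exports "$tmp/export" "$tmp/Archive")
    : > "$tmp/export/QIPexport.20091020-01:00.tar.gz"
    : > "$tmp/export/QIPexport.20091021-01:00.tar.gz"
    : > "$tmp/export/table.qef"
    second=$(archive_old_exports "$tmp/export" "$tmp/Archive")
    left=$(ls "$tmp/export")
    rm -rf "$tmp"
    echo "$first $second $left"
}

demo
```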