richsark
help with shell script as rights issue
Hello, I have a shell script. I would also like this script to run as ammuser. Seems like the libs and bin that I need are owned and can only be run as root.
When I run it as ammuser it fails; if I su as root it works. I'd like to know how I can make my script run as ammuser and then scp a tar.gz file to another server. I have created a passwordless login as ammuser on server B, but since the script can't run as root, I don't get far.
See the script
If it's just the export that's failing, add an /etc/sudoers rule to allow "ammuser" to run the command as "root", e.g.
sudoedit /etc/sudoers
---- Stick at bottom ----
ammuser ALL = (root) NOPASSWD: /opt/qip/usr/bin/qip-export *
---- end (Hit ESC, then Type: :x ) ---
Then stick a sudo in front of the command, e.g.
# Dump the raw tables
#
sudo /opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k
ASKER
Cool, I will try that.
So with the sudo in front, if qip-export calls libs and others, it will work since we are putting sudo in front of the command, right?
Thanks,
ASKER
Hello,
When I am logged in as ammuser and execute your suggestion I get:
[ammuser@ESM1 ~]$ sudoedit /etc/sudoers
Password:
ammuser is not in the sudoers file. This incident will be reported
ASKER
Also, I su to root and vi /etc/sudoers
This is what it looks like now
Cmnd_Alias HALT = /sbin/halt
Cmnd_Alias REBOOT = /sbin/reboot
Cmnd_Alias SERVICE = /sbin/service
Cmnd_Alias CHKCONFIG = /sbin/chkconfig
Cmnd_Alias KILL = /bin/kill
Cmnd_Alias KILLALL = /usr/bin/killall
Cmnd_Alias PASSWD = /usr/bin/passwd
Cmnd_Alias NTPDATE = /usr/sbin/ntpdate
Cmnd_Alias AIM = /usr/lib/amm/aim, /bin/aim
Cmnd_Alias AMMCFG = /usr/lib/amm/amm-cfg, /bin/amm-cfg
Cmnd_Alias ADM = /usr/lib/amm/adm, /bin/adm
Cmnd_Alias AMU = /usr/lib/amm/amu, /bin/amu
Cmnd_Alias ASC = /usr/lib/amm/asc, /bin/asc
Cmnd_Alias RNDC = /opt/qip/usr/bin/rndc
ammadmin ALL = NOPASSWD: HALT, REBOOT, SERVICE, CHKCONFIG, KILL, KILLALL, PASSWD, NTPDATE, AIM, AMMCFG, ADM, AMU, ASC, RNDC
qip ALL = NOPASSWD: ASC
ammuser ALL = (root) NOPASSWD: /opt/qip/usr/bin/qip-export *
~
ASKER
Anyone???
What do you get when you type the following as ammuser:
sudo -l
ASKER
Hi,
I get this
[ammuser@ESM1 ~]$ sudo -l
User ammuser may run the following commands on this host:
(root) NOPASSWD: /opt/qip/usr/bin/qip-export *
[ammuser@ESM1 ~]$
ASKER
Hi,
Just for kicks, I su to root from and ran the same command to see:
[root@ESM1 ammuser]# sudo -l
Sorry, user root may not run sudo on ESM1.
[root@ESM1 ammuser]#
Ok as "ammuser" what happens when you enter the following (run one command at a time and stop if you get an error):
. /opt/qip/etc/qiprc
. /opt/sybase/SYBASE.sh
DATE=`/bin/date +%Y%m%d-%H:%M`
if [ -f /home/ammuser/export/QIPexport.*.tar.gz ]
then
mv /home/ammuser/export/QIPexport.*.tar.gz /home/ammuser/export/Archive
fi
sudo /opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k
ASKER
Hi, See below
[ammuser@ESM1 ~]$ ./QIP-Exports-TEST.sh
./QIP-Exports-TEST.sh: line 13: [: too many arguments
/opt/qip/usr/bin/qip-export: error while loading shared libraries: libqapi.so.7: cannot open shared object file: No such file or directory
#!/bin/sh
#Author: Richard Sarkissian
#Created 10-20-09
# NOTE: The .Z is the qipadmin encrypted password located on the $QIPHOME/qip.pcy file
# Set QIP Environmental Variables
. /opt/qip/etc/qiprc
. /opt/sybase/SYBASE.sh
DATE=`/bin/date +%Y%m%d-%H:%M`
if [ -f /home/ammuser/export/QIPexport.*.tar.gz ]
then
mv /home/ammuser/export/QIPexport.*.tar.gz /home/ammuser/export/Archive
fi
sudo /opt/qip/usr/bin/qip-export -d /home/ammuser/export -s QIPSYBASE -U qipadmin -Z 01ac0aaf78b520067294882e54bd7c1923ba -k
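The "[: too many arguments" error reported above comes from "[ -f ... ]" receiving more than one file name once the glob matches several tarballs. The following is an added example, not part of the thread or the poster's script, that tests and archives each match individually; the function name archive_old_exports and the scratch-directory demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): archive previous export tarballs.
# "[ -f dir/QIPexport.*.tar.gz ]" breaks when the glob expands to several
# files, because test then receives several arguments after -f.

# archive_old_exports EXPORT_DIR ARCHIVE_DIR  (hypothetical helper name)
# Moves every regular file matching QIPexport.*.tar.gz and prints the count.
archive_old_exports() {
    export_dir=$1
    archive_dir=$2
    moved=0

    mkdir -p "$archive_dir" || return 1

    # The for loop receives one word per match, so each file is tested
    # on its own no matter how many old exports exist.
    for f in "$export_dir"/QIPexport.*.tar.gz; do
        # With no match the pattern stays literal; -f filters that out.
        [ -f "$f" ] || continue
        mv -- "$f" "$archive_dir"/ || return 1
        moved=$((moved + 1))
    done

    echo "$moved"
}

# Demo on constructed sample files in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    touch "$tmp/QIPexport.20091020-01:00.tar.gz" \
          "$tmp/QIPexport.20091021-01:00.tar.gz"
    archive_old_exports "$tmp" "$tmp/Archive"
    rm -rf "$tmp"
}

demo
```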
ASKER
Hi,
What's next?