Is there a way to change user when I run a shell file

I want to execute a shell file while switching user.

I can do it like this:


in a Shell file
--------------------------
su - userName
do something
----------------------------
But of course I need a password.

How can I solve this?
gamjaradioAsked:

gheistCommented:
You can configure the "sudo" configuration file to unsecure some commands.


VISUAL=`which pico` visudo

(doc in config file)
0
ahoffmannCommented:
> But of course I need a password.
and what is the problem with entering the proper password?

if you want to run the switched user script without entering the password, you can do:
 1) run script as user root
 2) setup sudo properly, and then run the script with sudo -u other_user
 3) write a wrapper which enters the password; for such a wrapper script tcl's expect or perl is a good choice
0
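
Added example, not part of the original answers: one way to do the "setup sudo properly" option is a sudoers rule that names exactly one submitting user, one target user and one script. The names alice, appuser and /opt/app/run.sh are placeholders, and the install step assumes the system's sudoers file includes /etc/sudoers.d.

```shell
#!/bin/sh
# Added example. alice, appuser and the script path are placeholders.

# Print a sudoers rule letting $1 run script $3 as $2 without a password.
make_sudoers_rule() {
    submitter=$1 target=$2 script=$3
    for name in "$submitter" "$target"; do
        case $name in
            ''|*[!a-z0-9_-]*) echo "bad user name: $name" >&2; return 1 ;;
        esac
    done
    # sudoers matches commands by full path; refuse relative paths and any
    # character that has a special meaning in sudoers (space, comma, *, ...).
    case $script in
        /*) ;;
        *) echo "script path must be absolute" >&2; return 1 ;;
    esac
    case $script in
        *[!A-Za-z0-9/._-]*) echo "unsafe character in path" >&2; return 1 ;;
    esac
    [ -f "$script" ] || { echo "no such script: $script" >&2; return 1; }
    # A script that group or others can rewrite turns "one command" into
    # "any command as $target", so refuse to grant it.
    if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "script is group/world writable: $script" >&2; return 1
    fi
    # The trailing "" forbids command-line arguments.
    printf '%s ALL=(%s) NOPASSWD: %s ""\n' "$submitter" "$target" "$script"
}

# Typical use, as root (visudo -cf checks syntax before the file goes live):
#   make_sudoers_rule alice appuser /opt/app/run.sh > /tmp/run-as-appuser
#   visudo -cf /tmp/run-as-appuser &&
#       install -m 0440 /tmp/run-as-appuser /etc/sudoers.d/run-as-appuser
# alice then runs:  sudo -n -u appuser /opt/app/run.sh
```

The rule stores no password anywhere; the script itself must not be editable by the submitting user, or the grant is no longer limited to one command.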
roundel35Commented:
I would not recommend the use of any utility to enter a password for you - this is very insecure, as the password needs to be held somewhere and will need to be maintained.

As an alternative, if you don't have access to root, you could use "ssh" to submit your shell. Yes, you can use "ssh" even when the "remote" machine is "localhost".

The trick here would be to generate keys for the submitting user, and to put the public key in the ~/.ssh/authorized_keys file of the user where you need to run the shell script.

You can then call the shell script:

ssh user@localhost /path/to/my.shell.script

without recourse to a password.

Note though that if the submitting user should not have access to the executing user without a password, this method should not be used, as just "ssh user@localhost", will give a shell access with no password asked for.
0
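
Added example, not part of the original answers: the shell-access caveat above can be narrowed by pinning the key to one command in authorized_keys with `restrict,command="..."` (the `restrict` option needs OpenSSH 7.2 or later). The check below flags entries that are not pinned this way; the key material and comments in the sample are constructed.

```shell
#!/bin/sh
# Added example. Keys and comments in sample_keys are constructed.

sample_keys() {
    cat <<'EOF'
# constructed authorized_keys content
ssh-ed25519 AAAAC3EXAMPLEKEY1 batch@localhost
restrict,command="/path/to/my.shell.script" ssh-ed25519 AAAAC3EXAMPLEKEY2 batch@localhost
command="/usr/bin/logger nightly run" ssh-rsa AAAAB3EXAMPLEKEY3 batch@localhost
no-pty ssh-rsa AAAAB3EXAMPLEKEY4 note,command="x"
EOF
}

# Report every key that is not pinned to a forced command.
# Reads the file named in $1, or standard input.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        opts = ""
        # An entry that starts with the key type has no options field.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            # Options end at the first space outside double quotes.
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\\" && inq) { i++; continue }
                if (c == "\"") inq = !inq
                else if (c == " " && !inq) break
            }
            opts = tolower(substr(line, 1, i - 1))
        }
        if (opts !~ /(^|,)command="/)
            printf "%d: no forced command, key opens a shell\n", NR
        else if (opts !~ /(^|,)restrict(,|$)/)
            printf "%d: forced command but no restrict option\n", NR
    }' "$@"
}

sample_keys | audit_authorized_keys
```

With a forced command in place, `ssh user@localhost` runs the pinned script instead of opening a login shell, whatever command the client asks for.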

ahoffmannCommented:
@roundel35, you do not recommend tools to pass passwords for security reasons, I'd follow that advice ;-)
but then you suggest to use a login with a key file which will not be protected with a password, that's scary ... IMHO this is as insecure as any tool passing the password automatically

i.g. if the password -or any other kind of credentials- are passed without user interaction, automated attacks are possible, if security counts such things should be avoided
0
gheistCommented:
Even the authorised_keys file seems mysterious, you still need to password-protect your private keys. OK you can unlock them more or less comfortably with ssh-agent, but still you open some insecurity window for time while ssh-agent runs.
0
roundel35Commented:
Indeed, the most secure solution would be to run the "submitting" script as the same user as the script needs to execute in. I'm assuming that the OP has a good reason not to do this.

The next most secure solution would be to run the submitting script as root. This may be locked down though, or otherwise unavailable - besides, being root would open lots of other doors, so I'm discounting that.

The authorized keys file mechanism is not perfect, but that mechanism will only work if the file is r-------- or rw------- permission, so it is already password protected by your own password; and shouldn't need to be protected further. Furthermore, access to the executing user is only granted if the "attack" is coming from a given user on a given machine, and that is locked down as you can't edit that file unless you are in that account anyway.

So not a perfect solution, but then I can't see a better solution to this imperfect problem.
0
gheistCommented:
No security gain in ssh@localhost just added mystery and hassle.
0
roundel35Commented:
Sorry, but I am obviously missing something here. Why don't you think that ssh@localhost is more secure than saving a password?
0
gheistCommented:
sudo has no passwords stored.... just defines whom root trusts doing what in whose name....
0
roundel35Commented:
Indeed, but sudo is not readily available in all linux distributions, and requires a similar level of setup to ssh.
0
