Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Is There way to change user when I run a shell file

Posted on 2012-03-19
10
Medium Priority
?
326 Views
Last Modified: 2012-06-08
I want to execute a shell file with switch user.

I can do it , like this


in a Shell file
--------------------------
su - userName
do something
----------------------------
But of course I need a password.

How can I solve this out??
0
Comment
Question by:gamjaradio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 62

Assisted Solution

by:gheist
gheist earned 800 total points
ID: 37737352
You can configure "sudo" configuration file to unsecure some commands.


VISUAL=`which pico` visudo

(doc in config file)
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 400 total points
ID: 37738052
> But of course I need a password.
and what is the problem with entering the proper password?

if you want to run the switched user script without entering the password, you can do:
 1) run script as user root
 2) setup sudo properly, and then run the script with sudo -u other_user
 3) write a wrapper which enters the password; for sucha wrapper script tcl's expect or perl is a good choice
0
 
LVL 2

Assisted Solution

by:roundel35
roundel35 earned 800 total points
ID: 37741303
I would not recommend the use of any utility to enter a password for you - this is very insecure, as the password needs to be held somewhere and will need to be maintained.

As an alternative, if you don't have access to root, you could use "ssh" to submit your shell. Yes, you can use "ssh" even when the "remote" machine is "localhost".

The trick here would be to generate keys for the submitting user, and to put the public key in the ~/.ssh/authorized_keys file of the user where you need to run the shell script.

You can then call the shell script:

ssh user@localhost /path/to/my.shell.script

without recourse to a password.

Note though that if the submitting user should not have access to the executing user without a password, this method should not be used, as just "ssh user@localhost", will give a shell access with no password asked for.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 400 total points
ID: 37741410
@roundel35, you do not recommend a tools to pass passwords for security reason, I'd follow that advice ;-)
but then you suggest to use a login with a key file which will not be protected with a password, that's scary ... IMHO this is as insecure as any tool passing the password automatically

i.g. if the password -or any other kind of credentials- are passed without user interaction, automated attacks are possible, if security counts such things should be avoided
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 800 total points
ID: 37741448
Even the authorised_keys file seems mysterious, you still need to password-protect your private keys. OK you can unlock them more or less comfortably with ssh-agent, but still you open some insecurity window for time while ssh-agent runs.
0
 
LVL 2

Assisted Solution

by:roundel35
roundel35 earned 800 total points
ID: 37741473
Indeed, the most secure solution would be to run the "submitting" script as the same user as the script needs to execute in. I'm assuming that the OP has a good reason not to do this.

The next most secure solution would be to run the submitting script as root. This may be locked down though, or otherwise unavailable - besides, being root would open lots of other doors, so I'm discounting that.

The authorized keys file mechanism is not perfect, but that mechanism will only work if the file is r-------- or rw------- permission, so it is already password protected by your own password; and shouldn't need to be protected further. Furthermore, access to the executing user is only granted if the "attack" is coming from a given user on a given machine, and that is locked down as you can't edit that file unless you are in that account anyway.

So not a perfect solution, but then I can't see a better solution to this imperfect problem.
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 800 total points
ID: 37741518
No security gain in ssh@localhost just added mystery and hassle.
0
 
LVL 2

Assisted Solution

by:roundel35
roundel35 earned 800 total points
ID: 37741562
Sorry, but I am obviously missing something here. Why don't you think that ssh@localhost is more secure than saving a password?
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 800 total points
ID: 37744842
sudo has no passwords stored.... just defines whom root trusts doinf what in whose name....
0
 
LVL 2

Accepted Solution

by:
roundel35 earned 800 total points
ID: 37746232
Indeed, but sudo is not readily available in all linux distributions, and requires a similar level of setup to ssh.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question