topic Re: Script Question in Operating System - HP-UX

Script Question

Binu Raj — Fri, 25 Jul 2003 04:55:05 GMT

Hi All

I have a scripting question.

I have to run this shell script as a normal user but have to insert couple of entries
into the /etc/services file where this user does not have the write access.

One of the requirement is that it should not be interactive. So I thought I could read the super
user username and password as arguments to the script and call "su" and pass it on to it.
But I have no idea how to pass the password to su non interactively.

Can you please help me?

Thanks in advance.

Regards

Binu

Re: Script Question

Tom Geudens — Fri, 25 Jul 2003 05:14:52 GMT

Hi Binu,
Passing superuser username/password to a script ... not a good idea !

You should use sudo for this (http://www.courtesan.com/sudo/)

Make a script that changes the services-file, allow the user to execute this script as root through sudo ... and you're set.

Hope this helps,
Tom Geudens

Re: Script Question

Radim Jarosek — Fri, 25 Jul 2003 05:20:48 GMT

Hi,

try to have a look at program "expect".

http://hpux.connect.org.uk/hppd/hpux/Tcl/expect-5.38/

HTH

Radim

Re: Script Question

Ralph Grothe — Fri, 25 Jul 2003 06:57:10 GMT

You shouldn't pass root's password to processes at all.

The probably easiest, and with greatest control solution is the mentioned editing via sudo.

Another maybe could be to make an access control list (ACL) for /etc/services which gives the script executing uid write permissions (but maintaining ACLs can be problematic, especially with backups).

Yet another possibility could be to script something that starts execution as euid == 0, then forks off a child that su's to the respective uid, and let the child do what needs to be done under this uid.
Then when it comes to updating /etc/services this could be handled by the parent process that as euid == 0 has ultimate control.

Re: Script Question

Niraj Kumar Verma — Fri, 25 Jul 2003 09:15:49 GMT

Hi ,

you can also make use of stiky bit

rwS------ and change the owner of the file to root ..

But be careful ... Its a risky business .. :)

-Niraj

Re: Script Question

Niraj Kumar Verma — Fri, 25 Jul 2003 09:16:08 GMT

Hi ,

you can also make use of stiky bit

rwS------ and change the owner of the file to root ..

But be careful ... Its a risky business .. :)

-Niraj

Re: Script Question

Michael Kelly_5 — Fri, 25 Jul 2003 10:55:46 GMT

Binu,
as far as I'm aware you cannot pass a password to su as an argument.
This is a (security) feature not a bug.
The same is true for the passwd command as well.

In addition to the possible solutions provided earlier you might look into creating a new group (e.g. serupd). Change the group on /etc/services to serupd and change the mode to 775. Put your user in that group and you are done.
Alternatively, you might like to look into Access Control Lists. This will give you a greater level of granularity than the 'standard' owner/group/other permissions
See 'man 5 aclv' for details.
If your root volume is a VxFS version 4 filesystem then it supports ACLs
It is also possible to upgrade earlier versions to version 4 (but I have no experience of doing this).

HTH,
Michael.

Re: Script Question

Donny Jekels — Fri, 25 Jul 2003 11:22:57 GMT

Binu,

I do something similar, and got it working with sudo.

Take care
Donny

Re: Script Question

Caesar_3 — Fri, 25 Jul 2003 11:26:32 GMT

Hello!

Best is to run the part that you need to do
as a root with program called sudo
that run with root priv. the wanted commands.

Download from:
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/

Caesar

Re: Script Question

RAC_1 — Fri, 25 Jul 2003 11:29:50 GMT

you can do that with sudo.

Run your script with sudo, it will be run with root user as it's owner. Setting setuid bit is riksy business.