topic Re: su to another user without password in Operating System - HP-UX

su to another user without password

hangyu — Sun, 03 Dec 2006 22:10:40 GMT

there are two user in the system , eg. userA and userB , they are general user , if I want to userA can su to userB but without input the password of userB , can advise what can I do ? except ssh method , can advise another method ? thx

ps. please ignore the security issue.

Re: su to another user without password

Patrick Wallek — Sun, 03 Dec 2006 22:37:25 GMT

You would have to use a tool like 'sudo' and set userA up to do something like 'sudo su - userB'. You can set sudo up to NOT require entry of userA's passwd as well.

Re: su to another user without password

A. Clay Stephenson — Sun, 03 Dec 2006 23:00:20 GMT

The only time that su does not prompt for the password is when the effective euse id is zero (ie root). If it worked any other way imagine the huge security hole that would introduce. You really have two choices: 1) sudo 2) Create a setuid wrapper program. Sudo is the far more secure option.

Re: su to another user without password

Yogeeraj_1 — Mon, 04 Dec 2006 01:04:57 GMT

hi,

note that you can download sudo as part of Internet express and compiled many options enabled.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=
HPUXIEXP1111

for more info, see:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?admit=716493758+1090940400855+28353475&threadId=630557

kind regards
yogeeraj

Re: su to another user without password

hangyu — Mon, 04 Dec 2006 01:22:31 GMT

thx ,

I use rlogin , the userA can su to userB without password now, but I have another requirement , I want to write a script , the script run by userA and su to userB then rcp a file to remote server , like below , but have error , it seems the rlogin has problem , I have test that userA can su to userB and scp file to remote server ( test it manually ) , but why can run it with a script , can advise what is wrong in my script ? thx

script :

SU="rlogin -l userB localhost"
${SU} "scp test.file remotehost:/tmp

error :
usage: rlogin [ -8EL] [-e char] [ -l username ] host
phase 2
usage: rlogin [ -8EL] [-e char] [ -l username ] host

Re: su to another user without password

Peter Nikitka — Mon, 04 Dec 2006 06:16:55 GMT

Hi,

the command 'rlogin' does interactive login - no addtional commands can be supplied. Use 'remsh' instead; as well you need balanced quotes - I suggest you try something like this:

SU="remsh -n -l userB localhost"
${SU} "scp -q test.file remotehost:/tmp"

mfG Peter

Re: su to another user without password

Tor-Arne Nostdal — Thu, 07 Dec 2006 19:29:53 GMT

Can't see why you dont want to use ssh... as it is far the simplest way...

In principle it seems as you want to have two equivalent users, so why can't you define them with same uid ?
The two users can have individual environment settings, home directory aso. but still have identical rights to each others files.

/Tor-Arne

Re: su to another user without password

Peter Nikitka — Fri, 08 Dec 2006 02:49:37 GMT

Hi hangyu,

can you give a feedback to our solutions?

And:
http://forums1.itrc.hp.com/service/forums/helptips.do?#28

mfG Peter

Re: su to another user without password

Berd — Fri, 08 Dec 2006 06:27:42 GMT

I also would use ssh. Once setup this would provide the functionality you are looking for and be more secure than remsh. Your command formats would remain similar.

ssh username@host command

Regards,
Berd

Re: su to another user without password

Trupti — Sat, 09 Dec 2006 05:16:52 GMT

Hi,
you can use any of three methods.
I)sudo- you have to install this
II)RLOGIN-Make configuration changes in $HOME./rhosts file( for user equivalency) or /etc/host.eqv file( for hosts equivalency)
III)user ssh-This also you have to installed in server,But very secure method.
You can configure ssh to switch without passwd.You have to generate public/private key & a procedure for this single sign on.

Choice is yours.

Trupti