https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440628#M768992 Hi,<BR /><BR />Actually it's root and the owner of a file that can change the permissions on a file.<BR /><BR />No, there is no way to do what you want without providing a password.<BR /><BR />Apparently, you map the root user to root by using the 'root=....' option in your /etc/exports file. This is not so good from a security point of view. The default behaviour for NFS is to map the root user to user 65534.<BR /><BR />Maybe you can describe exactly why you have to chmod/chgrp those files. Maybe there is a way to prevent you from having to do it.<BR /><BR />Bye,<BR />Rik. Tue, 29 Aug 2000 04:42:30 GMT RikTytgat 2000-08-29T04:42:30Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440627#M768991 I am having a problem with the chown/chgrp<BR />commands on NFS file systems. Apparently,<BR />only root can do it correctly.<BR /><BR />As a result I have written a script that is<BR />executing the chown/chgrp commands using the<BR />following syntax:<BR /><BR />su root -c "/usr/bin/chown -R <USER>:<GROUP> /<MYPATH>/<MYDIR>"<BR /><BR />Is there a way to have this script execute<BR />the command without prompting for a password?</MYDIR></MYPATH></GROUP></USER> Tue, 29 Aug 2000 02:50:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440627#M768991 Thomas Amwoza 2000-08-29T02:50:01Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440628#M768992 Hi,<BR /><BR />Actually it's root and the owner of a file that can change the permissions on a file.<BR /><BR />No, there is no way to do what you want without providing a password.<BR /><BR />Apparently, you map the root user to root by using the 'root=....' option in your /etc/exports file. This is not so good from a security point of view. The default behaviour for NFS is to map the root user to user 65534.<BR /><BR />Maybe you can describe exactly why you have to chmod/chgrp those files. Maybe there is a way to prevent you from having to do it.<BR /><BR />Bye,<BR />Rik. Tue, 29 Aug 2000 04:42:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440628#M768992 RikTytgat 2000-08-29T04:42:30Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440629#M768993 No, it is no way to su to root without providing the password. See as well: <BR /><A href="http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x1dbb119c3420d411b66300108302854d,00.html" target="_blank">http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x1dbb119c3420d411b66300108302854d,00.html</A><BR /><BR />But, your case doesn't seem to be ok. What file system are you importing? How the export line in /etc/exports looks like?<BR /><BR />You can try to enable SUID bit (s permission) if you like and security is not a concern Tue, 29 Aug 2000 05:19:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440629#M768993 Antoanetta Naghiu 2000-08-29T05:19:42Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440630#M768994 If you want to su -c root without passwd asked the safest way is to install and configure sudo, you can dowload a version at your archive and porting center.<BR />There are other alternatives but they are security breeches...<BR />On which machine are you trying to chown?<BR /><BR />On the importing NFS FS ?<BR /><BR /> Tue, 29 Aug 2000 08:08:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440630#M768994 Victor BERRIDGE 2000-08-29T08:08:01Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440631#M768995 You are probably looking at the use of sudo if you want the script to run as root with no passwd. Can be obtained from the porting archieves or from <A href="http://www.courtesan.com" target="_blank">www.courtesan.com</A> Tue, 29 Aug 2000 12:22:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440631#M768995 Rick Garland 2000-08-29T12:22:10Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440632#M768996 A would advocate using sudo for this purpose.<BR />Sudo provides a number advantages. Auditing, containability, and flexibility are the main advantages to using sudo. Tue, 29 Aug 2000 13:31:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440632#M768996 Vince Inman 2000-08-29T13:31:45Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440633#M768997 Instead of su, have you considered increasing the privileges of user executing the script? You can use setprivgrp(1M) to allow a user to change the ownership of a file that the user owns. Tue, 29 Aug 2000 16:40:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440633#M768997 Richard Henriques 2000-08-29T16:40:50Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440634#M768998 I have created a kind of executable file like that some years ago on HP-UX v9<BR /><BR />loook at the included "chmodutils" file.<BR />make changes you need, <BR />put yourfile in /usr/sbin directory<BR />chown root yourfile , chgrp sys yourfile<BR />look at man 1m chmod command<BR />probably your solution will be<BR />chmod 4555 yourfile<BR />(set-user-id on file execution)<BR /><BR />I wich attached file is well attached, it's first time I do that<BR /><BR />Tourlou ;-)<BR />Bruno<BR /><BR /> Wed, 30 Aug 2000 15:02:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440634#M768998 Bruno Dostie 2000-08-30T15:02:52Z https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440635#M768999 I think that your problem is not fixable at the level you are trying to do. The NFS server is where this script should run. You are running this on an NFS client. If you must run this from an NFS client, then the client must be specified with root access in the servers export list. There are several ways to have this done in at least a semi-secure fashion. Best to read the man pages for exportfs, but you want several things.<BR />&gt; exportfs /directory -root=client1,anon=0,rw=host1:host2:host3,ro=host4:host5<BR />This restricts access to known hosts. You can also use an "access=netgroup" for read-write access.<BR />If root is specified in the exports file, your problem is solved. While I use sudo for several tasks, I would not use sudo for this task. This gives that user(s) global access then to chmod, chown, chgrp anything. It is a root level task, which should really be done by root's cron on the server.<BR />I have the same task running on one of my servers. The only other thing to mention of this is LOG LOG LOG. (should go without saying).<BR /><BR />Best Regards,<BR />Shannon Wed, 30 Aug 2000 19:17:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/executing-command-from-script-as-root/m-p/2440635#M768999 Shannon Petry 2000-08-30T19:17:04Z