topic Re: "su problem" with script in Operating System - Linux

"su problem" with script

Krishnan Viswanathan — Tue, 04 Dec 2001 02:08:10 GMT

When I execute a particular script from the command line like : su bsp -c app.start
the script gets started as user bsp without any issue. (the script is owned by root but some users are authorised to start it up.)

How do I add the above "su "syntax within the script itself so that the users can just type in "app.start" and the binaries gets started always as user "bsp" ?

The extract of the script is as below (Can someone let me know where to place "su bsp -c" option in the script in the fifth line here?)

Thanks

#!/bin/sh
BSE=/app/bse
BSE_TMP=/app/bse/tmp
echo 'Initialize Printer Daemon\n'
if [ -x ${BSE}/bin/pdaemon${REL} ];then
if [ -f ${BSE_TMP}/pd_lock ]; then
echo "Printer Daemon already running"
else
if ${BSE}/bin/pdaemon${REL} ;then
echo 'Printer Daemon Initialized\n'
else
echo 'Cannot Initialize Printer Daemon\n'
fi
fi
else
echo 'Cannot Initialize Printer Daemon\n'
fi
exit 0

Re: "su problem" with script

Marco Paganini — Tue, 04 Dec 2001 04:04:21 GMT

Hello

If you're root, you can use 'su' to change to any account or execute any command as another user without typing the password. Regular users however don't have this capability since it would allow anyone to run any program as any other user.

The solution for you seems to be sudo (try man sudo). Sudo allows users to execute certain commands (you specify) as another user or even as root.

Regards,
Paga

Re: "su problem" with script

Eugen Cocalea — Tue, 04 Dec 2001 08:47:08 GMT

Hi,

chown bsp <script>
chmod +s <script>

This will set user id on execution, ie, when somebody runs the script, the script will not run as the user that launched the script but the user that owns the script.

E.

Re: "su problem" with script

Bernie Vande Griend — Tue, 04 Dec 2001 14:51:37 GMT

Yes, you can't put the "su -c" inside the script you are running as su. Once you you do the su you are in another shell and disconnected from the script.
It seems you have a few choices though.
As Eugen says, you can change the owner of the script to bsp and then make it setuid. Security-wise it is not recommended to have setuid scripts as then can be comprised more easily than binaries. But in this situation, it may be acceptable.
Otherise, you can create a wrapper script that does the su -c and calls the other script. But if you do this, the user running it will be prompted for a password.
Another option is to use something like sudo or Symark's Powerbroker that lets you run a program as another user.

Re: "su problem" with script

Alexander M. Ermes — Wed, 05 Dec 2001 13:54:03 GMT

Hi there.
Just my two cents.
Invoking an user can be done in two ways :

su bsp -c ...

this invokes the user and tries to execute the command

su - bsp -c
Invoking the user, taking the environment of the user ( variables etc from .login and .profile ) and then executing the command.

Mostly we use the su in the second way.
Rgds
Alexander M. Ermes

Re: "su problem" with script

Krishnan Viswanathan — Wed, 05 Dec 2001 17:31:36 GMT

Thanks all your help.
The script under question needs to started by a normal user and as the server is also running several other applications, part of service guard etc, we would not like to give "sudo" access for application users. All I need to know is if there is a way to incoporate the 'su' syntax which I mentioned earlier in the script itself. The application user will type in the password if prompted by the script. (I need to incorporate the syntax in several other similar scripts which is owned by root)
I tried several combinations but each time I got an error in the fifth line.
Thanks all once again.