Operating System - HP-UX

Re: "su -" from non-root to non-root same user without pw ?

 
SOLVED
Suraj K Sankari
Honored Contributor

Re: "su -" from non-root to non-root same user without pw ?

Hi,

Within the script you can provide username and passwd for logging in as some specific user, but it's a security violation.

Suraj
Dennis Handly
Acclaimed Contributor
Solution

Re: "su -" from non-root to non-root same user without pw ?

>now we have the need that this unprivileged application user needs too this script to start and stop his processes.
>su - appuser "nohup /path/programm1" &

I suppose you could test if already appuser then do:
if [ "$(id -un)" != appuser ]; then
    su - appuser "nohup /path/programm1" &
    ...
else
    nohup /path/programm1 &
    ...
fi
Doug O'Leary
Honored Contributor

Re: "su -" from non-root to non-root same user without pw ?

Ah;

I didn't quite catch that the user was trying to su to his own account. My bad.

To the OP, the answer to your question is sudo. Provide sudo privileges to the appropriate users for the init script then the users so configured can run the script as root. Root can su to any account without a password.

The command syntax for the appuser would be:

sudo /sbin/init.d/app_init_script [start | stop ]

Run visudo and add the appropriate lines - something like the following should do the trick:

User_Alias APPUSER = ${user1}, ${user2}
Cmnd_Alias APPINIT = /sbin/init.d/app_init_script
APPUSER ALL=(ALL) APPINIT

*That's* how you get around that little issue.

Hope that helps.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
OldSchool
Honored Contributor

Re: "su -" from non-root to non-root same user without pw ?

I think Dennis has the cleaner solution. Check to see if you're the specific "appuser", or root (since it's a startup script)....

if you're "appuser" then run the commands w/o su, if you're not, then su as always
OldSchool
Honored Contributor

Re: "su -" from non-root to non-root same user without pw ?

just beware that there may be permissions issues w/ other things within the script.. for example if root starts it and writes the PID to a file, and appuser tries to stop it, it may not be able to delete the pidfile. that kind of thing...

and sudo will indeed work, as you can run that script as root and it won't care about the su's
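
An added example, not code from any poster in this thread: the identity test from Dennis's reply combined with the pidfile caveat raised above, so the pidfile is always created and removed as the application user. APPUSER, PROG, PIDFILE, the helper function names and the use of `su ... -c` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: APPUSER, PROG and PIDFILE are assumed values.
APPUSER=${APPUSER:-appuser}
PROG=${PROG:-/path/programm1}                     # may carry arguments
PIDFILE=${PIDFILE:-/var/run/app/programm1.pid}    # directory owned by $APPUSER

# Map the caller's login name to a launch method:
#   direct - already $APPUSER, so no su is needed
#   su     - root, which can su without a password
#   refuse - anyone else would get a password prompt from su
launch_mode() {
    case "$1" in
        "$APPUSER") echo direct ;;
        root)       echo su ;;
        *)          echo refuse ;;
    esac
}

# Run the command string $1 as $APPUSER. $2 overrides the caller name
# and exists only so the decision can be exercised in tests.
as_appuser() {
    case "$(launch_mode "${2:-$(id -un)}")" in
        direct) sh -c "$1" ;;
        su)     su - "$APPUSER" -c "$1" ;;
        *)      echo "run this as root or $APPUSER" >&2; return 1 ;;
    esac
}

# The pidfile is written and removed inside the shell that runs as
# $APPUSER, so it has the same owner whoever started the service.
start_app() {
    as_appuser "nohup $PROG >/dev/null 2>&1 & echo \$! > \"$PIDFILE\"" "${1:-}"
}
stop_app() {
    as_appuser "kill \"\$(cat \"$PIDFILE\")\" && rm -f \"$PIDFILE\"" "${1:-}"
}

case "${1:-}" in
    start) start_app ;;
    stop)  stop_app ;;
esac
```

Because the refuse branch exits before su is ever called, a user other than root or the application user gets an error instead of a password prompt.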