Executing command from script as root.

 
Thomas Amwoza
Occasional Contributor

I am having a problem with the chown/chgrp
commands on NFS file systems. Apparently,
only root can do it correctly.

As a result I have written a script that is
executing the chown/chgrp commands using the
following syntax:

su root -c "/usr/bin/chown -R : //"

Is there a way to have this script execute
the command without prompting for a password?
RikTytgat
Honored Contributor

Re: Executing command from script as root.

Hi,

Actually it's root and the owner of a file that can change the permissions on a file.

No, there is no way to do what you want without providing a password.

Apparently, you map the root user to root by using the 'root=....' option in your /etc/exports file. This is not so good from a security point of view. The default behaviour for NFS is to map the root user to user 65534.

Maybe you can describe exactly why you have to chmod/chgrp those files. Maybe there is a way to prevent you from having to do it.

Bye,
Rik.
Antoanetta Naghiu
Esteemed Contributor

Re: Executing command from script as root.

No, there is no way to su to root without providing the password. See as well:
http://my1.itrc.hp.com/cm/QuestionAnswer/1,1150,0x1dbb119c3420d411b66300108302854d,00.html

But your case doesn't seem to be OK. What file system are you importing? What does the export line in /etc/exports look like?

You can try to enable the SUID bit (s permission) if you like and security is not a concern.
Victor BERRIDGE
Honored Contributor

Re: Executing command from script as root.

If you want to su -c root without being asked for a passwd, the safest way is to install and configure sudo; you can download a version at your archive and porting center.
There are other alternatives but they are security breaches...
On which machine are you trying to chown?

On the importing NFS FS ?

Rick Garland
Honored Contributor

Re: Executing command from script as root.

You are probably looking at the use of sudo if you want the script to run as root with no passwd. It can be obtained from the porting archives or from www.courtesan.com
Vince Inman
Frequent Advisor

Re: Executing command from script as root.

I would advocate using sudo for this purpose.
Sudo provides a number of advantages. Auditing, containability, and flexibility are the main advantages to using sudo.
Richard Henriques
New Member

Re: Executing command from script as root.

Instead of su, have you considered increasing the privileges of user executing the script? You can use setprivgrp(1M) to allow a user to change the ownership of a file that the user owns.
Bruno Dostie
Advisor

Re: Executing command from script as root.

I have created a kind of executable file like that some years ago on HP-UX v9

Look at the included "chmodutils" file.
make changes you need,
put yourfile in /usr/sbin directory
chown root yourfile , chgrp sys yourfile
look at man 1m chmod command
probably your solution will be
chmod 4555 yourfile
(set-user-id on file execution)

I wish the attached file is well attached; it's the first time I do that.

Tourlou ;-)
Bruno

DOSB
Shannon Petry
Honored Contributor

Re: Executing command from script as root.

I think that your problem is not fixable at the level you are trying to do. The NFS server is where this script should run. You are running this on an NFS client. If you must run this from an NFS client, then the client must be specified with root access in the server's export list. There are several ways to have this done in at least a semi-secure fashion. Best to read the man pages for exportfs, but you want several things.
> exportfs /directory -root=client1,anon=0,rw=host1:host2:host3,ro=host4:host5
This restricts access to known hosts. You can also use an "access=netgroup" for read-write access.
If root is specified in the exports file, your problem is solved. While I use sudo for several tasks, I would not use sudo for this task. This gives that user(s) global access then to chmod, chown, chgrp anything. It is a root level task, which should really be done by root's cron on the server.
I have the same task running on one of my servers. The only other thing to mention of this is LOG LOG LOG. (should go without saying).

Best Regards,
Shannon
Microsoft. When do you want a virus today?
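
The last reply recommends running the ownership fix from root's cron on the NFS server, with logging, rather than granting a general-purpose chown. The sketch below is an added example, not code from any post in this thread; `ALLOWED_BASE`, `OWNER` and `LOGFILE` are hypothetical values. It refuses any target that does not resolve to a directory below the one allowed tree and logs every decision.

```shell
#!/bin/sh
# Added example: ownership fixer for root's cron on the NFS server.
# ALLOWED_BASE, OWNER and LOGFILE are hypothetical; set them per site.
ALLOWED_BASE="${ALLOWED_BASE:-/export/projects}"
OWNER="${OWNER:-appuser:appgrp}"
LOGFILE="${LOGFILE:-/var/adm/chown_fix.log}"

# Print the physical path of a directory (symlinks and ".." resolved).
resolve_dir() {
    [ -d "$1" ] || return 1
    ( cd "$1" 2>/dev/null && pwd -P )
}

# Return 0 only if $1 resolves to a directory strictly below ALLOWED_BASE.
# Leaves the resolved path in $target for the caller (sh has no locals).
is_allowed_target() {
    base=$(resolve_dir "$ALLOWED_BASE") || return 1
    target=$(resolve_dir "$1") || return 1
    case "$target" in
        "$base"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Append a timestamped line to the audit log.
log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOGFILE"
}

# Validate the target, log the decision, then change ownership.
# -h changes a symlink itself instead of the file it points to.
fix_ownership() {
    if ! is_allowed_target "$1"; then
        log "REFUSED target=$1 caller=$(id -un)"
        return 2
    fi
    log "CHOWN owner=$OWNER target=$target caller=$(id -un)"
    chown -R -h "$OWNER" "$target"
}

# Run only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    fix_ownership "$1"
fi
```

Because the check compares resolved physical paths, a symlink inside the allowed tree that points elsewhere, or a path using `..` to climb out, is refused and logged.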