HPE Community
Operating System - HP-UX
1825795 Members
2211 Online
109687 Solutions
New Discussion

Re: Giving a shell script root priv

 
SOLVED
Go to solution
Mike Burk
Advisor

‎06-12-2002 09:37 AM

‎06-12-2002 09:37 AM

Giving a shell script root priv

I have a shell script that uses the mount command. The script will be run by a regular user. How do I give it root privelages so mount will work?

Thanks,

Mike
0 Kudos
Reply
9 REPLIES 9
Rodney Hills
Honored Contributor

‎06-12-2002 09:42 AM

‎06-12-2002 09:42 AM

Solution

Re: Giving a shell script root priv

It can be done, but not recommended. A tool called "sudo" allows a regular user controlled access to tasks you would set up.

You can find it on Software Porting and Archive Centre.

-- Rod Hills
There be dragons...
Reply
Sanjay_6
Honored Contributor

‎06-12-2002 09:44 AM

‎06-12-2002 09:44 AM

Re: Giving a shell script root priv

Hi Mike,

Use "sudo".

You can download and install sudo from this link,

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

Hope this helps.

Regds
0 Kudos
Reply
Christopher McCray_1
Honored Contributor

‎06-12-2002 09:45 AM

‎06-12-2002 09:45 AM

Re: Giving a shell script root priv

Hello,

I don't know your particular situation, but are you sure you want to attempt this?

Is it not possible to just run the script as root, on a regular basis in cron, for example?

You are talking about opening up permissions to system device files as well as mount points.

Just my two pennies.

Chris
It wasn't me!!!!
0 Kudos
Reply
Mark Vollmers
Esteemed Contributor

‎06-12-2002 09:46 AM

‎06-12-2002 09:46 AM

Re: Giving a shell script root priv

Mike-


You can script in the su command and have it pull the password from a file, but you have to be careful about security at that point. I think that there is a trick you can do to encrypt it, but I can't get on search to look for it.

Mark
"We apologize for the inconvience" -God's last message to all creation, from Douglas Adams "So Long and Thanks for all the Fish"
0 Kudos
Reply
Mike Burk
Advisor

‎06-12-2002 09:54 AM

‎06-12-2002 09:54 AM

Re: Giving a shell script root priv

This is my scenario:

I have a network of 4 identical boxes. I have an application that runs on this network. I need to be able to mount to the other three boxes at runtime. If a one or more boxes are down I don't want to attempt to mount them. I tried to mount the boxes to each other at boot but if one or more boxes are down then it takes up to 20 minutes to complete the boot. This is not an option. My application runs from a regular user account. My script pings the other boxes and based on the results mounts the ones that are up.

If anyone has a better way to to this please help!
0 Kudos
Reply
Rodney Hills
Honored Contributor

‎06-12-2002 10:00 AM

‎06-12-2002 10:00 AM

Re: Giving a shell script root priv

In /etc/exports, if you change "hard" to "soft" then it will not be so strict about the host being up.

Also you could look into "autofs" or "automount" as a way to have these services mounted on a as need basis.

-- Rod Hills
There be dragons...
0 Kudos
Reply
Mike Burk
Advisor

‎06-12-2002 10:02 AM

‎06-12-2002 10:02 AM

Re: Giving a shell script root priv

I use soft mounts and it takes 20 minutes. Hard mounts cause the boot process to hang until it sees the server.

Mike
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎06-12-2002 10:28 AM

‎06-12-2002 10:28 AM

Re: Giving a shell script root priv

Hi Mike:

There is a "dirty" way to achieve what you want, and I would be very careful of where, what and how you use it. It works in most cases. Establish your script as a 'setuid' script. Consider the script below. You must have the interpreter declaration as shown.

#/usr/bin/sh
/usr/sbin/mount /dev/vgXX/lvolY /mymountpoint
exit 0

Call the script 'mymount.sh' and do:

# chown root:dba mymount.sh
# chmod 4110 mymount.sh

Now, members of the group *dba* can execute the script, but only 'root' can read or write (modify) the it.

To further secure this script, place it in a directory whose sticky bit is set. This prevents non-owner's (here, root) from deleting it.

Regards!

...JRF...
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.