HPE Community
Operating System - HP-UX
1825882 Members
2854 Online
109689 Solutions
New Discussion

Script Question

 
SOLVED
Go to solution
Binu Raj
Occasional Contributor

‎07-24-2003 09:55 PM

‎07-24-2003 09:55 PM

Script Question

Hi All

I have a scripting question.

I have to run this shell script as a normal user but have to insert couple of entries
into the /etc/services file where this user does not have the write access.

One of the requirement is that it should not be interactive. So I thought I could read the super
user username and password as arguments to the script and call "su" and pass it on to it.
But I have no idea how to pass the password to su non interactively.

Can you please help me?

Thanks in advance.

Regards

Binu
0 Kudos
Reply
9 REPLIES 9
Tom Geudens
Honored Contributor

‎07-24-2003 10:14 PM

‎07-24-2003 10:14 PM

Solution

Re: Script Question

Hi Binu,
Passing superuser username/password to a script ... not a good idea !

You should use sudo for this (http://www.courtesan.com/sudo/)

Make a script that changes the services-file, allow the user to execute this script as root through sudo ... and you're set.

Hope this helps,
Tom Geudens
A life ? Cool ! Where can I download one of those from ?
Reply
Radim Jarosek
Regular Advisor

‎07-24-2003 10:20 PM

‎07-24-2003 10:20 PM

Re: Script Question

Hi,

try to have a look at program "expect".

http://hpux.connect.org.uk/hppd/hpux/Tcl/expect-5.38/

HTH

Radim
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎07-24-2003 11:57 PM

‎07-24-2003 11:57 PM

Re: Script Question

You shouldn't pass root's password to processes at all.

The probably easiest, and with greatest control solution is the mentioned editing via sudo.

Another maybe could be to make an access control list (ACL) for /etc/services which gives the script executing uid write permissions (but maintaining ACLs can be problematic, especially with backups).

Yet another possibility could be to script something that starts execution as euid == 0, then forks off a child that su's to the respective uid, and let the child do what needs to be done under this uid.
Then when it comes to updating /etc/services this could be handled by the parent process that as euid == 0 has ultimate control.
Madness, thy name is system administration
Reply
Niraj Kumar Verma
Trusted Contributor

‎07-25-2003 02:15 AM

‎07-25-2003 02:15 AM

Re: Script Question

Hi ,

you can also make use of stiky bit

rwS------ and change the owner of the file to root ..

But be careful ... Its a risky business .. :)

-Niraj
Niraj.Verma@philips.com
0 Kudos
Reply
Niraj Kumar Verma
Trusted Contributor

‎07-25-2003 02:16 AM

‎07-25-2003 02:16 AM

Re: Script Question

Hi ,

you can also make use of stiky bit

rwS------ and change the owner of the file to root ..

But be careful ... Its a risky business .. :)

-Niraj
Niraj.Verma@philips.com
0 Kudos
Reply
Michael Kelly_5
Valued Contributor

‎07-25-2003 03:55 AM

‎07-25-2003 03:55 AM

Re: Script Question

Binu,
as far as I'm aware you cannot pass a password to su as an argument.
This is a (security) feature not a bug.
The same is true for the passwd command as well.

In addition to the possible solutions provided earlier you might look into creating a new group (e.g. serupd). Change the group on /etc/services to serupd and change the mode to 775. Put your user in that group and you are done.
Alternatively, you might like to look into Access Control Lists. This will give you a greater level of granularity than the 'standard' owner/group/other permissions
See 'man 5 aclv' for details.
If your root volume is a VxFS version 4 filesystem then it supports ACLs
It is also possible to upgrade earlier versions to version 4 (but I have no experience of doing this).

HTH,
Michael.
The nice thing about computers is that they do exactly what you tell them. The problem with computers is that they do EXACTLY what you tell them.
Reply
Donny Jekels
Respected Contributor

‎07-25-2003 04:22 AM

‎07-25-2003 04:22 AM

Re: Script Question

Binu,

I do something similar, and got it working with sudo.

Take care
Donny
"Vision, is the art of seeing the invisible"
Reply
Caesar_3
Esteemed Contributor

‎07-25-2003 04:26 AM

‎07-25-2003 04:26 AM

Re: Script Question

Hello!

Best is to run the part that you need to do
as a root with program called sudo
that run with root priv. the wanted commands.

Download from:
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.6/

Caesar
Reply
RAC_1
Honored Contributor

‎07-25-2003 04:29 AM

‎07-25-2003 04:29 AM

Re: Script Question

you can do that with sudo.

Run your script with sudo, it will be run with root user as it's owner. Setting setuid bit is riksy business.
There is no substitute to HARDWORK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.