Operating System - HP-UX

Re: su to another user in a script

ken_5
Advisor

su to another user in a script

I know this is not something that can be done, however, I need to do it.
I have a simple script
test.sh
whoami

I do the chown and the chmod
chown usera test.sh
chmod 4555 test.sh

ll
-rwsr-xr-x 1 usera users 33 May 1 10:17 test.sh

Now when I run the script while logged in as another user, say userb, it says that I'm userb. :) I need this to say usera so that I can use this script to move files into a directory protected by usera without giving permission to userb. The completed version of this script will be used to log the transaction and keep a protected history of the files going into that directory. Hope this makes sense, and thanks for your help. ;)
6 REPLIES 6
Stefan Farrelly
Honored Contributor

Re: su to another user in a script

Do it this way:

su - usera -c "/test.sh"

And that will run it properly as user usera.
I'm from Palmerston North, New Zealand, but somehow ended up in London...
ken_5
Advisor

Re: su to another user in a script

This command would require me to type the password for usera. That would allow userb to login directly to that account and execute the command without using the script. Is there a way to pass the password within the script?
ken_5
Advisor

Re: su to another user in a script

Just figured it out. There has to be a #!/usr/bin/sh on the first line of the script or it will fail to change to the new userid. Thanks for your help. :)
Bill Douglass
Esteemed Contributor
Solution

Re: su to another user in a script

Instead of a suid shell script (which is a security hole), try installing sudo

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

and configure userb in the sudoers file to only be able to run your script:

userb ALL=(usera) /path/to/test.sh

Then userb can do

sudo -u usera /path/to/test.sh


userb will not need to know usera's password, the script will not need to be suid, and you will get a log of all actions in your syslog (depending on how you have /etc/syslog.conf configured).
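An added example, not from the thread or from sudo's documentation: the sudoers entry above fixes the command but not its arguments, so a script run as usera has to validate whatever userb passes before copying it into the protected directory and logging it. DEST_DIR, LOG_FILE and the function names are assumptions made for illustration.

```shell
#!/usr/bin/sh
# Added example: intake script meant to be run as usera via
#   sudo -u usera /path/to/test.sh <file>
# DEST_DIR and LOG_FILE are assumed locations, not taken from the thread.
DEST_DIR=${DEST_DIR:-/home/usera/incoming}
LOG_FILE=${LOG_FILE:-/home/usera/intake.log}

# Accept only a plain file name: no slash, no leading dot or dash,
# and nothing outside letters, digits, dot, underscore and dash.
valid_name() {
    case "$1" in
        ""|.*|-*|*/*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Copy one file into DEST_DIR and append a log line.
# Returns 0 on success, 1 for a bad source, 2 for a bad name,
# 3 if a file of that name is already in DEST_DIR (history is never overwritten).
intake_file() {
    src=$1
    name=${src##*/}
    # Refuse symlinks and anything that is not a regular file. The caller
    # controls the source directory, so treat this as a best-effort check.
    [ -f "$src" ] && [ ! -h "$src" ] || return 1
    valid_name "$name" || return 2
    [ ! -e "$DEST_DIR/$name" ] || return 3
    cp -- "$src" "$DEST_DIR/$name" || return 1
    # sudo sets SUDO_USER to the invoking account (userb in the thread).
    printf '%s user=%s file=%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" \
        "${SUDO_USER:-unknown}" "$name" >> "$LOG_FILE"
}

# Run only when a file argument is given; exit status is intake_file's.
[ $# -eq 0 ] || intake_file "$1"
```

The script copies rather than moves, since usera normally has no write access to userb's directory; the caller removes the original after a zero exit status.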
John Meissner
Esteemed Contributor

Re: su to another user in a script

You actually have two options.

Have the script execute as root... this will not require any password to execute the above script. This is the recommended way.

If you can't do this and you need to pass a password, you could use expect. expect is downloadable from here: http://expect.nist.gov/
and is very easy to use. You just type what you want the script to do, basically. I'm attaching a copy of one of my expect scripts
- my script is an example, but it telnets into a server and executes things.... but you can use it to automate almost anything
All paths lead to destiny
ken_5
Advisor

Re: su to another user in a script

I had read about expect and sudo in other posts; however, I did not want to have to install and document anything new on the system, nor research the security risks. ;)
But I'm sure they would both work from what I've read.
Thanks