HPE Community
Operating System - HP-UX
1828340 Members
3349 Online
109976 Solutions
New Discussion

Re: su to another user in a script

 
SOLVED
Go to solution
ken_5
Advisor

‎05-01-2003 06:36 AM

‎05-01-2003 06:36 AM

su to another user in a script

I know this is not something that can be done, however, I need to do it.
I have a simple script
test.sh
whoami

I do the chown and the chmod
chown usera test.sh
chmod 4555 test.sh

ll
-rwsr-xr-x 1 usera users 33 May 1 10:17 test.sh

now when I run the script when logged in as another users say userb it says that I'm userb. :) I need this to say usera so that I can use this script to move files into a directory protected by usera without giving permission to userb. The completed version of this script will be used to log the transaction and keep a protected history of the files going into that directory. Hope this makes sense, and thanks for your help. ;)
0 Kudos
Reply
6 REPLIES 6
Stefan Farrelly
Honored Contributor

‎05-01-2003 06:48 AM

‎05-01-2003 06:48 AM

Re: su to another user in a script

Do it this way;

su - usera -c "/test.sh"

And that will run it properly as user usera.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
ken_5
Advisor

‎05-01-2003 07:16 AM

‎05-01-2003 07:16 AM

Re: su to another user in a script

This command would require me to type the password for usera. That would allow userb to login directly to that account and execute the command without using the script. Is there a way to pass the password within the script?
0 Kudos
Reply
ken_5
Advisor

‎05-01-2003 07:28 AM

‎05-01-2003 07:28 AM

Re: su to another user in a script

Just figured it out. There has to be a #!/usr/bin/sh on the first line of the script or it will fail to change to the new userid. Thanks for your help. :)
0 Kudos
Reply
Bill Douglass
Esteemed Contributor

‎05-01-2003 07:43 AM

‎05-01-2003 07:43 AM

Solution

Re: su to another user in a script

Instead of a suid shell script (which is a security hole), try installing sudo

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

and configure userb in the sudoers file to only be able to run your script:

userb ALL=(usera) /path/to/test.sh

Then userb can do

sudo -u usera /path/to/test.sh


userb wil not need to know usera's password, the script will not need to be suid, and you will get a log of all actions in your syslog (depending on how you have /etc/syslog.conf configured).
Reply
John Meissner
Esteemed Contributor

‎05-01-2003 08:02 AM

‎05-01-2003 08:02 AM

Re: su to another user in a script

you actually have two options.

have the script execute as root... this will not require any password to execute the above script. this is the recommended way.

if you can't do this and you need to pass a password you could use expect. expect is downloadable from here http://expect.nist.gov/
and very easy to use. you just type what you want the script to do basically. I'm attaching a copy of one of my expect scripts
- my script is an example but it telnets into a server and executes things.... but you can use it to automate almost anything
All paths lead to destiny
Reply
ken_5
Advisor

‎05-01-2003 09:28 AM

‎05-01-2003 09:28 AM

Re: su to another user in a script

I had read about expect and sudo in other posts, however, I did not want to have to install and document anything new on the system. Nor, research the security risks. ;)
but I'm sure they would both work from what I've read.
thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.