HPE Community
Operating System - HP-UX
1827294 Members
2327 Online
109717 Solutions
New Discussion

Re: su to oracle without password

 
ITSD-ACCS
Frequent Advisor

‎06-27-2005 11:40 PM

‎06-27-2005 11:40 PM

su to oracle without password

Hi,

I want to su oracle as user A, but it prompts me password when I run in batch program. Can anyone suggest a way to do it, say granting privileges or permission ?

Thanks.
0 Kudos
7 REPLIES 7
Slawomir Gora
Honored Contributor

‎06-27-2005 11:54 PM

‎06-27-2005 11:54 PM

Re: su to oracle without password

Hi,

you can install and use sudo package
http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.8p7/
0 Kudos
Devender Khatana
Honored Contributor

‎06-27-2005 11:56 PM

‎06-27-2005 11:56 PM

Re: su to oracle without password

Hi,

If your user is having root previlages or the job is run as root, you will be never prompted for passwd for any user.

Another option could be that you set UID on your batch program so that it is always executed with root previlages not causing the prompt.

Another way of executing this as root will be to use sudo.

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Pete Randall
Outstanding Contributor

‎06-27-2005 11:56 PM

‎06-27-2005 11:56 PM

Re: su to oracle without password

Sure - change the owner of the batch program to be root and the group to be user A's group. Then turn on the setuid bit.

chown root:userAgroup /batchprogram
chmod u+s /batchprogram

Be aware that having setuid programs is considered a security risk.


Pete

Pete
0 Kudos
Muthukumar_5
Honored Contributor

‎06-28-2005 12:36 AM

‎06-28-2005 12:36 AM

Re: su to oracle without password

You can try with telnet on this as,

(
sleep 1;
printf "oracle\n";
sleep 2;
printf "\n";
sleep 1
printf "/tmp/batchfile\n";
sleep 1
printf "exit";
) | telnet localhost

where /tmp/batchfile is with execution permission.
hth.
Easy to suggest when don't know about the problem!
0 Kudos
H.Merijn Brand (procura
Honored Contributor

‎06-28-2005 12:49 AM

‎06-28-2005 12:49 AM

Re: su to oracle without password

Use ssh, and add the caller's id.pub to oracle's ~/.ssh/authorized_keys

Be carefull to check the folders chmod values

~oracle: 0755
~oracle/.ssh: 0700
~oracle/.ssh/authorized_keys: 0600

oracle# cd ~/.ssh
oracle# ln authorized_keys authorized_keys2

root# cat ~end_user/.ssh/id.pub >>~oracle/.ssh/authorized_keys

end_user# ssh oracle@localmachine your_command

No password needed

EŠjøÿ, Håve Fà à ¡ Ħ.MeŠıjŠ[ hav
Enjoy, Have FUN! H.Merijn
0 Kudos
Gopi Sekar
Honored Contributor

‎06-28-2005 01:14 AM

‎06-28-2005 01:14 AM

Re: su to oracle without password


if you want to really automate this process without granting privileges then you can do so by using 'expect' script.

check man page of expect to find more details on this.

Regards,
Gopi
Never Never Never Giveup
0 Kudos
C. Beerse_1
Regular Advisor

‎06-28-2005 09:08 PM

‎06-28-2005 09:08 PM

Re: su to oracle without password

You could use the rsh/rlogin/rexec route: In the oracle-account create a ~/.rhosts account with the other accountname and 'localhost' for hostname (see `man rhosts` for details). Now from the other account, use `rsh localhost -l oracle` (or rexec, rlogin) to start the process. The advantage here is that it sets both the real-ids and the effective-ids.

You can also peek at the packages named `sudo` or `super` at http://hpux.its.tudelft.nl/. They are designed for this purpose.

However, the origional way to do this is to use the sticky-bit: `chmod u+s binary`. Details are explained in most unix adminsitrators books.
make everything as simple as possible, not simpler (A.Einstein??)
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.