HPE Community
Operating System - Linux
1832646 Members
2817 Online
110043 Solutions
New Discussion

Re: "su problem" with script

 
Krishnan Viswanathan
Frequent Advisor

‎12-03-2001 06:08 PM

‎12-03-2001 06:08 PM

"su problem" with script

When I execute a particular script from the command line like : su bsp -c app.start
the script gets started as user bsp without any issue. (the script is owned by root but some users are authorised to start it up.)

How do I add the above "su "syntax within the script itself so that the users can just type in "app.start" and the binaries gets started always as user "bsp" ?

The extract of the script is as below (Can someone let me know where to place "su bsp -c" option in the script in the fifth line here?)

Thanks

#!/bin/sh
BSE=/app/bse
BSE_TMP=/app/bse/tmp
echo 'Initialize Printer Daemon\n'
if [ -x ${BSE}/bin/pdaemon${REL} ];then
if [ -f ${BSE_TMP}/pd_lock ]; then
echo "Printer Daemon already running"
else
if ${BSE}/bin/pdaemon${REL} ;then
echo 'Printer Daemon Initialized\n'
else
echo 'Cannot Initialize Printer Daemon\n'
fi
fi
else
echo 'Cannot Initialize Printer Daemon\n'
fi
exit 0


0 Kudos
Reply
5 REPLIES 5
Marco Paganini
Respected Contributor

‎12-03-2001 08:04 PM

‎12-03-2001 08:04 PM

Re: "su problem" with script

Hello

If you're root, you can use 'su' to change to any account or execute any command as another user without typing the password. Regular users however don't have this capability since it would allow anyone to run any program as any other user.

The solution for you seems to be sudo (try man sudo). Sudo allows users to execute certain commands (you specify) as another user or even as root.

Regards,
Paga
Keeping alive, until I die.
0 Kudos
Reply
Eugen Cocalea
Respected Contributor

‎12-04-2001 12:47 AM

‎12-04-2001 12:47 AM

Re: "su problem" with script

Hi,

chown bsp <script>
chmod +s <script>

This will set user id on execution, ie, when somebody runs the script, the script will not run as the user that launched the script but the user that owns the script.

E.
To Live Is To Learn
0 Kudos
Reply
Bernie Vande Griend
Respected Contributor

‎12-04-2001 06:51 AM

‎12-04-2001 06:51 AM

Re: "su problem" with script

Yes, you can't put the "su -c" inside the script you are running as su. Once you you do the su you are in another shell and disconnected from the script.
It seems you have a few choices though.
As Eugen says, you can change the owner of the script to bsp and then make it setuid. Security-wise it is not recommended to have setuid scripts as then can be comprised more easily than binaries. But in this situation, it may be acceptable.
Otherise, you can create a wrapper script that does the su -c and calls the other script. But if you do this, the user running it will be prompted for a password.
Another option is to use something like sudo or Symark's Powerbroker that lets you run a program as another user.
Ye who thinks he has a lot to say, probably shouldn't.
0 Kudos
Reply
Alexander M. Ermes
Honored Contributor

‎12-05-2001 05:54 AM

‎12-05-2001 05:54 AM

Re: "su problem" with script

Hi there.
Just my two cents.
Invoking an user can be done in two ways :

su bsp -c ...

this invokes the user and tries to execute the command

su - bsp -c
Invoking the user, taking the environment of the user ( variables etc from .login and .profile ) and then executing the command.

Mostly we use the su in the second way.
Rgds
Alexander M. Ermes
.. and all these memories are going to vanish like tears in the rain! final words from Rutger Hauer in "Blade Runner"
0 Kudos
Reply
Krishnan Viswanathan
Frequent Advisor

‎12-05-2001 09:31 AM

‎12-05-2001 09:31 AM

Re: "su problem" with script

Thanks all your help.
The script under question needs to started by a normal user and as the server is also running several other applications, part of service guard etc, we would not like to give "sudo" access for application users. All I need to know is if there is a way to incoporate the 'su' syntax which I mentioned earlier in the script itself. The application user will type in the password if prompted by the script. (I need to incorporate the syntax in several other similar scripts which is owned by root)
I tried several combinations but each time I got an error in the fifth line.
Thanks all once again.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.