I have the following task for my golang code:
The command has to be run as root user on the server remotely in bash and the command output has to be fetched in a variable.
Logging over ssh as root is disabled.
sudo on the server is disabled, so I have to use 'su -' and type password
since I want to make it as automated as possible in bash, the password has to be stored inside the command
Here are the workflow actions:
Login via SSH (as unprivileged user) to remote host
Elevate to privileged 'root' user --> su -
Type the root password
run the command which root can execute
get to output to string on localhost and do some actions
I have Googled for days, but it seems that I cannot find a solution for this.
Does anyone have a solution to this?
The issue you are facing is concerning interacting with the command after it has been executing.
It is quite easy to use exec.Command for non-interactive commands.
I would recommend using Expect for interaction, or the Golang equivalent located here.
Related
I am facing unable to access login into the remote server using ssh in the tcl script which is getting stuck at the password prompt
exec ssh foo#barRemote "ls /tmp\;exit\;"
while I am able to log using shell script from bash and encounter no password prompt (we have already setup up public key and private key)
I've just tried against a server where I know I've set up the key-based access correctly and it worked. That — plus the fact that it works for you at the terminal — means I suspect that the problem is that your script is running in a context that hasn't been granted access to the key (e.g., from cron). In the simplest case (which is definitely not inside cron!) the fix is to run the overall script within ssh-agent:
ssh-agent tclsh yourscript.tcl
(That sets an environment variable that lets the inferior ssh use the key it needs.)
I'm trying to automate the build process which is done on linux server.
to do that first i need to login to the su and then perform the tasks for stopping and starting the server. I've written shell script to do that but there are some problems I'm facing,
1) even though I'm providing password from script using expect & send it tasks for password on terminal.
2) doing echo'password' | sudo -S su takes password automatically but says wrong even if it is right.
3) and when i put the password through terminal manually using su I get logged in to the su but the rest of the commands in script does not gets executed unless i do exit.
The script I've tried is,
echo 'password\n' | sudo -S su ##it says wrong password for su
commands to be performed after logging to su
exit
I've tried expect and send too,
su expect"Password" send "password\n";
and rest of the code here
but it's not fetching password from send automatically, I've to put it manually.
I would really appreciate if someone can help me with this!!
sudo requires the password of the user calling it, not the password of the superuser (or the user specified by the -u option). That may seem backwards, but the idea is that sudo can be configured to provide fine-grained control over what you are actually allowed to run as the superuser, rather than giving you access to the superuser account itself. Also, sudo keeps a log of who does what for auditing purposes.
If you used the wrong password, use the right password instead. Like others have already commented, sudo requires your password, not root's.
Additionally, your script is wrong. The sequence su; echo hello; exit will run a root shell with su, then when that shell exits, run echo hello and exit in your current shell.
You want this instead:
sudo -S sh -c 'echo hello'
The su is completely superfluous because sudo already takes care of switching to the root user, and offers a more convenient syntax for running commands as another user to boot. The sh -c '...' isn't strictly required in this example, but will probably be useful if you have more than one command which you wish to execute using elevated privileges. (Make sure you understand the implications. A useful commandment is to try to run even less code as sudo than you currently do. Always.)
I have to write a shell script to run some commands on unix. I have to switch several users.
How can I give passwords inside my script?
Note: I am not a root user. Also, security is not an issue in this case, so I could write passwords in my script.
Since you don't have root access, and assuming the programs you want to run aren't setuid, you have two basic choices:
Write an expect script to drive su - <username> and run your commands as child processes of expect.
Have someone with root access give you sudo access to the commands and users you need, and then run your commands with sudo -u <username> <command>.
Option 1 is best if you can't get administrative support, but option 2 is more flexible and easier to script from a Unix shell.
I have a lua script, running on the Mac, that needs to call sudo.
I'd hoped that Mac OS would automatically bring up a password request dialog, but instead it the command fails by returning 256.
Is there anyway that I can achieve my goal?
Tim
Quick and easy way: run it like this
/usr/bin/osascript -e 'do shell script "/path/to/myscript args 2>&1 etc" with administrator privileges'
Proper and configurable way: use AuthorizationExecuteWithPrivileges API from Authorization Services (in Security.framework).
Both will display standard Mac OS X GUI asking for administrator password and then execute the command as root, the same way as sudo does except that SUDO_USER environment variables will not be set.
If you need to execute individual commands from under user account when you're already elevated to root, you can prepend them with /usr/bin/sudo -u $USER.
is there any way to switch the user (to root or so) while deploying with capistrano without closing the current session (session is started with ssh keys)?
So i want to start the deployment with user foo and then change to root and then execute some commands.
Thanks for your answers!
You can use the capistrano sudo helper:
task :some_task_as_root do
run "#{sudo} some_command"
end
you can even specify a different user:
task :some_task_as_other_user do
run "#{sudo :as => 'other_user'} some_command"
end
The sudo helper will take care of getting the password from you if necessary and pass it along correctly.
You don't say where you want to run the commands as root. On the local system? On the remote system?
Each "run" sort of command in capistrano uses a separate new ssh connection. As stated above, "sudo" is the official way to run one set of statements as root.
If you're comfortable giving Root an ssh key to be able to log in directly via ssh, you can specify a user to ssh over as. I wouldn't recommend it, though.
In a Solaris environment without "sudo" (sigh), we use pfexec instead.
I believe sudo is what you need
your user should be sudoers groups before.
then use it:
task :specific_sudo_take do
run 'sudo -c sh "whoami' #put your sudo command here
end