I'm working on a script in which I need to change the user, i have sudo access, i tried something like below but without success.
echo $passwd | sudo -S su - oracle
I even tried installed ssshpass but no success with that either. Is that even possible or do I need to install something else to make this work?
Any idea
If you will run your script with root account, you can just
message="The cake is a lie"
su username -c 'echo $message'
If you will run your script with another user you have two ways to do that,
1) Configuring pam like bellow so when you run su user2 -c 'command' logged with user1, linux will not ask for password.
Add the following lines right below the pam_rootok.so line in your /etc/pam.d/su:
auth [success=ignore default=1] pam_succeed_if.so user = user2
auth sufficient pam_succeed_if.so use_uid user = user1
The first line makes sure the target user is user2. If it is, the next line will take control and succeed authorization if the calling user is user1.
If the target user is something else, the second line will be ignored and the usual authentication steps will be performed.
2) Write your script using expect as here
Related
Was trying to figure out how to execute a sudo command with the password as a parameter.
echo mypassword | sudo -S command
was using this reference Use sudo with password as parameter
However, on OS X it keeps say "sudo: incorrect password attempt" however that passwords is correct.
what am i doing wrong?
As pointed out in the comments already, what you're doing is a very bad idea because it leaves the password of an account laying around. Instead, if you need to run a specific command with sudo from a script, you could -- and you should -- define that single command for one specific user in such a way that its execution is allowed without having to type in the password.
So, you should edit /etc/sudoers to include an entry for your specific user for that one, single, specific command with the tag NOPASSWD:
youruser yourhostname = (root) NOPASSWD: /some/path/your/command
Or if you really don't feel like typing in the hostname of your computer, then go for:
youruser ALL = (root) NOPASSWD: /some/path/your/command
That way you will possibly leak the ability of executing that one, single command as root instead of leaking your password and with it the possibility of running any commands as root.
I'm trying to automate the build process which is done on linux server.
to do that first i need to login to the su and then perform the tasks for stopping and starting the server. I've written shell script to do that but there are some problems I'm facing,
1) even though I'm providing password from script using expect & send it tasks for password on terminal.
2) doing echo'password' | sudo -S su takes password automatically but says wrong even if it is right.
3) and when i put the password through terminal manually using su I get logged in to the su but the rest of the commands in script does not gets executed unless i do exit.
The script I've tried is,
echo 'password\n' | sudo -S su ##it says wrong password for su
commands to be performed after logging to su
exit
I've tried expect and send too,
su expect"Password" send "password\n";
and rest of the code here
but it's not fetching password from send automatically, I've to put it manually.
I would really appreciate if someone can help me with this!!
sudo requires the password of the user calling it, not the password of the superuser (or the user specified by the -u option). That may seem backwards, but the idea is that sudo can be configured to provide fine-grained control over what you are actually allowed to run as the superuser, rather than giving you access to the superuser account itself. Also, sudo keeps a log of who does what for auditing purposes.
If you used the wrong password, use the right password instead. Like others have already commented, sudo requires your password, not root's.
Additionally, your script is wrong. The sequence su; echo hello; exit will run a root shell with su, then when that shell exits, run echo hello and exit in your current shell.
You want this instead:
sudo -S sh -c 'echo hello'
The su is completely superfluous because sudo already takes care of switching to the root user, and offers a more convenient syntax for running commands as another user to boot. The sh -c '...' isn't strictly required in this example, but will probably be useful if you have more than one command which you wish to execute using elevated privileges. (Make sure you understand the implications. A useful commandment is to try to run even less code as sudo than you currently do. Always.)
I am working on making a website for a class that you log into with a username and password, and then it takes you to a page that shows your grades in the class.
The website is being run with a bash script, and will be hosted on a machine where the users already have a username and password to login.
I also have a script called calcgrade.sh that will calculate the grades for either the user who is currently logged in, or the user passed to the script as an argument.
So originally, I was going to use this command:
echo -e "$password\n" | sudo -Sk -u $user ./website/calcgrade.sh
to run calcgrade.sh as the user of the website. However, I found out that sudo asks for the password of the user who is currently logged in, not the target user you are trying to run a command as.
So after some reading, I found a better option would be to use su with an expect script, but I can't get it to work. Here is the code for the expect script (currently username and password are hard coded in for testing):
#!/usr/bin/expect
log_user 0
spawn /bin/su myusername
expect "Password: "
send "mypassword"
spawn "./website/calcgrade.sh"
interact
When I run this script, it doesn't seem to log in the user with su, as it goes on to run calcgrade.sh with my account, rather than the user's.
Do you see what is wrong with my script? Or can you see a better way to do what I want?
Also, another problem with this method is that calcgrade.sh is supposed to send some output to stderr, but when I run it with the expect script, the error messages get sent to the website (the server works by sending the html for the website to stdout). Is there a way around this, or might it be better to have the expect script just check with su if username/password is correct, and then if so, then run ./calcgrade.sh $user afterwards?
First of all, here's the correct way to do what you want to do:
Give your web server user sudo permissions to run ./website/calcgrade.sh as any user, without requiring a password.
Have the web server authenticate the user however you see fit.
Have it run sudo -u someuser ./website/calcgrade.sh, no password required.
Now let's look at why your approach didn't work:
It's commonly believed that su switches user. This is not the case. It actually starts a new shell running as another user.
This means that you can't spawn su otheruser, let it finish, and then afterwards spawn calcgrade.sh.
Instead you have to run su otheruser, and then send commands to the shell that su starts:
#!/usr/bin/expect
log_user 0
spawn /bin/su someuser
expect "Password: "
send "somepassword\n"
# Now wait for a prompt and send the command to run
expect "$"
send "./website/calcgrade.sh\n"
interact
I'm new to linux operating system and I've explored today the /etc/passwd file and to my surprise I found that it contains many other user names like proxy,daemon..etc.What are all these users?Can I login using these users?
Here the cat command i performed on /etc/passwd.
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
messagebus:x:102:106::/var/run/dbus:/bin/false
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false
avahi-autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
saned:x:108:115::/home/saned:/bin/false
whoopsie:x:109:116::/nonexistent:/bin/false
speech-dispatcher:x:110:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
avahi:x:111:117:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
lightdm:x:112:118:Light Display Manager:/var/lib/lightdm:/bin/false
colord:x:113:121:colord colour management
daemon,,,:/var/lib/colord:/bin/false
hplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false
pulse:x:115:122:PulseAudio daemon,,,:/var/run/pulse:/bin/false
brucewilson:x:1000:1000:brucewilson,,,:/home/brucewilson:/bin/bash
mysql:x:116:125:MySQL Server,,,:/nonexistent:/bin/false
bharghav:x:1001:1001:bharghav,,,:/home/bharghav:/bin/bash
sshd:x:117:65534::/var/run/sshd:/usr/sbin/nologin
statd:x:118:65534::/var/lib/nfs:/bin/false
snmp:x:119:126::/var/lib/snmp:/bin/false
guest-MSvo95:x:120:127:Guest,,,:/tmp/guest-MSvo95:/bin/bash
Can anyone please explain what are these?
Most of those users are required by the OS processes to work. You can't login as one of those users because:
a. They don't have a shell as regular users does. For example, brucewilson has /bin/bash as shell, but pulse (Audio Controller ) has /bin/false.
b. There are not passwords for those users, so when the system asks for a password, no matter what you type you will never get in. You can check who has a password in /etc/shadow.
Actually, you can login as any user listed in /etc/passwd as of your choice.
for example, if you want to login as proxy, type the following command:
sudo -u proxy /bin/bash
It will asks password to authenticate the access, you can give your password only if your user account is added in sudoers list.
You can use the same command to login as any user in the /etc/passwd file.
For example, again if you want to log in as daemon, type the following command:
sudo -u daemon /bin/bash
and so on...
Hope this will help you.
Assume I am user A(not root user) and I want to run a c-shell script which will execute command in User B(password for B is known to me) and will use the result of that command here.
How can I run a command in User-B.
sudo -u username command1
Above command may prompt for password but I want this to be done in script only.
Thanks for all your suggestions.
you could use a ssh key to allow your user A to log in as user B using user A's private key (and with user A's public key in ~B/.ssh/authorised_keys)
then you simply execute the script as B with:
ssh B#localhost "/path/to/script and maybe some arguments here"
you have following options,
run your command with root so that su - username wont prompt for password
create passordless login for user like passwordless ssh,remove password for user etc. and then run your command
for getting output here to work,
write it in a file and access it in code
store it in a variable and access it in code