I have a user "chad".
I am logging into a Linux machine as user "server".
I am creating a script and trying to add the command below:
sudo su -s /bin/bash chad
so I can get into user chad and execute the rest of my commands from this script.
How do I do that?
Below is my script:
#!/bin/bash
exec /bin/su -s /bin/bash chad - << 'EOF'
echo "pwd"
pwd
cd /home/chad/py2.0/test/py_it/
echo "git branch"
git branch
read -p "Are you sure about branch? (yes/no)" reply
choice=$(echo $reply|sed 's/\(.*\)/\L\1/')
if [ "$choice" = 'yes' ]
then
echo "Welcome you selected yes, wait for 3 seconds to get output";
sleep 3;
echo "git pull for py2.0";
git pull origin integration/py2.0;
elif [ "$choice" = 'no' ]
then
echo "You selected 'no', hence exiting in 3 seconds";
sleep 3
exit 0
else
echo "invalid answer, type yes or no";
fi
EOF
Below is the output:
git branch
* integration/py2.0
master
invalid answer, type yes or no
You have to add the following line in your script:
exec sudo -u chad /bin/sh - << 'EOF'
All commands after this line will run as the chad user.
Check it with this:
id
exec sudo -u chad /bin/sh - << 'EOF'
id
id
id
EOF
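In the question's script the here-document is the new shell's standard input, so `read` consumes the next script line rather than the keyboard, which is why it prints "invalid answer". The following is an added example (not from either post) that prompts before switching user and hands the reply to the target user's shell as a positional parameter instead of script text; `normalize_choice`, `run_as` and the `--as` argument are names made up for this sketch.

```bash
#!/bin/bash
# Added example. Usage: ./pull_as.sh --as chad /home/chad/py2.0/test/py_it

# Map a free-form reply to yes / no / invalid (case-insensitive).
normalize_choice() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        yes) echo yes ;;
        no)  echo no ;;
        *)   echo invalid ;;
    esac
}

# run_as CHOICE DIR LAUNCHER...
# LAUNCHER is the command that starts the target user's shell, for example
# "sudo -u chad". The here-document is quoted, so the calling user's shell
# expands nothing in it; CHOICE and DIR arrive as $1 and $2 and are never
# pasted into the script text.
run_as() {
    choice=$1
    dir=$2
    shift 2
    "$@" /bin/sh -s -- "$choice" "$dir" <<'EOF'
echo "running as $(id -un)"
case "$1" in
    yes) ;;
    no)  echo "skipped"; exit 0 ;;
    *)   echo "invalid answer, type yes or no" >&2; exit 2 ;;
esac
cd "$2" || exit 1
git branch
git pull origin integration/py2.0
EOF
}

# Prompt on the terminal before stdin is replaced by the here-document.
if [ "${1:-}" = "--as" ] && [ "$#" -eq 3 ]; then
    printf 'Are you sure about branch? (yes/no) '
    read -r reply
    run_as "$(normalize_choice "$reply")" "$3" sudo -u "$2"
fi
```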
I am trying to run a simple script in debug mode.
#!/bin/bash
trap 'read -p "run: $BASH_COMMAND"' DEBUG
command 1
command 2
**Current output:**
run: command 1 <press enter and the command executes>
run: command 2 <press enter and the command executes>
But I want to run this in a loop asking yes/no before every execution
Expected output:
run: command 1 yes/no? <input 'yes' + enter and the command executes>
run: command 2 yes/no? <input 'yes' + enter and the command executes>
I tried
trap [['read -p "run: $BASH_COMMAND" && "continue [y/n]" ' ; echo $REPLY)" == [Yy]* ]] && echo Continuing || echo Stopping DEBUG
but I am not able to figure it out.
Basically, I am trying to perform two read operations in the trap/DEBUG command, and on the second read I want to perform a logical operation before executing.
Could anyone point me in the right direction, please? Maybe process substitution?
Perhaps something like this
#! /bin/bash
confirm() {
read -rp "run: $BASH_COMMAND, continue [y/n]: "
if [[ "$REPLY" == [Yy]* ]]; then
echo Continuing
else
echo Stopping DEBUG
exit
fi
}
trap confirm DEBUG
command 1
command 2
I am trying to make a script which executes in a terminal on double click and asks for user input. To execute the script, it opens gnome-terminal, which executes the rest of the script. After taking user input in RESP, it is unable to print the value passed (y/n). Gnome-terminal with Nautilus.
gnome-terminal -- bash -c "read -p 'Include log?(y/n)' RESP
echo '$RESP'
if [ '$RESP' = 'y' ]; then
: # logic for yes
else
: # logic for no
fi;
exec bash"
echo $RESP not printing anything?
Try this
bash -c "read -p 'Include log?(y/n)' RESP
echo \$RESP
if [ \$RESP = 'y' ]; then
echo y
else
echo n
fi"
You need to escape the $ for your variables instead of putting it into '
The " in the script string made the variable empty (an undefined variable expands to nothing). It makes echo empty. I exchanged " with ' and it works fine.
gnome-terminal -- bash -c 'read -p "Include log?(y/n)" RESP
echo "$RESP"; sleep 10
if [ "$RESP" = "y" ]; then
echo YES
else
echo NO
fi;
exec bash'
I want to jail a "normal" user with the special group developer for SFTP and SSH.
The user can only navigate in /srv/DEVELOPMENT (SSH/SFTP), and over SSH the user can only execute a limited set of commands (see the script at the bottom).
Why do I want this?
I work on a little project. In the last few days, other developers have wanted to support the project with their experience. A developer can edit the "developer-website" and can start/stop/restart a Node.js application over SSH. The next thing is: the user must use the shell to change their account password.
Currently, I have configured the SSH daemon with the following steps:
Jail over SFTP
Match Group developer
X11Forwarding no
AllowTcpForwarding yes
ChrootDirectory /srv/DEVELOPMENT
ForceCommand internal-sftp
The user was added with the following commands/options:
useradd --base-dir /srv/ --home-dir /srv/ --no-user-group --shell /srv/shell.sh $USERNAME
usermod -G developer $USERNAME
id $USERNAME
passwd $USERNAME
Current Directory Permissions
/srv developer:root 0755
/srv/DEVELOPMENT developer:root 0750
/srv/DEVELOPMENT/* developer:root 0777
With SFTP it works correctly. The second part, jailing the user over SSH, is currently a little bit harder. This step doesn't work currently, and that is my question.
The chroot is limited to internal-sftp. When I try to log in, the connection is aborted with the message that the connection is only allowed for SFTP:
ssh TestUser@example.com
TestUser@example.com's password:
This service allows sftp connections only.
Connection to example.com closed.
Here, I removed ForceCommand from the SSH daemon config; the login then succeeds.
But here is my problem:
When I try to log in, no executables can be used:
ssh TestUser@example.com
TestUser@example.com's password:
Linux example.com 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u2 (2017-06-26) x86_64
Last login: Sun Jul 30 18:00:11 2017 from ****************
/srv/shell.sh: No such file or directory
Connection to example.com closed.
/srv/shell.sh is a custom shell script to limit the commands, for example:
#!/bin/bash
# Allowed commands (array elements are separated by spaces, not commas)
commands=("man" "passwd" "ls" "account" "whoami" "clear" "cd")
RED='\033[0;31m'
YELLOW='\033[0;33m'
MAGENTA='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
INDENTATION=' '
SYSTEM_UPTIME=`uptime --pretty`
SYSTEM_USERS=`who -q`
SYSTEM_QUOTA="None"
SYSTEM_RAM="None"
timestamp(){
date +"%Y-%m-%d %H:%M:%S"
}
log(){
echo -e "[$(timestamp)]\t$1\t$(whoami)\t$2" >> /var/log/developer-user/shell.log;
}
execute() {
# Use the arguments as the command line, so the "-c" path below works too
ln="$*"
# EXIT
if [[ "$ln" == "exit" ]] || [[ "$ln" == "q" ]]
then
exit
# HELP
elif [[ "$ln" == "help" ]]
then
echo "Type exit or q to quit."
echo "Commands you can use:"
echo " account"
echo " help"
echo " echo"
echo " man <ManPage>"
echo " passwd"
echo " ls"
echo " clear"
echo " cd"
# CD
elif [[ "$ln" =~ ^cd\ .*$ ]]
then
LAST=`pwd`
$ln
CURRENT=`pwd`
if [[ $CURRENT == "/srv" ]]
then
log CHANGE_DIR FAILED_PERMISSIONS "$ln"
echo -e "${RED}ERROR:${NC} Sorry, you can't change to the previous directory ${YELLOW}\"${CURRENT}\"${NC}."
cd $LAST
elif [[ ! "$CURRENT" =~ ^/srv/DEVELOPMENT ]]
then
log CHANGE_DIR FAILED_PERMISSIONS "$ln"
echo -e "${RED}ERROR:${NC} Sorry, you can't change to the directory ${YELLOW}\"${CURRENT}\"${NC}."
cd $LAST
elif [[ `stat -c "%G" ${CURRENT}` == "friendlounge" ]]
then
log CHANGE_DIR "$ln"
else
log CHANGE_DIR FAILED_PERMISSIONS "$ln"
echo -e "${RED}ERROR:${NC} You have no permissions on ${YELLOW}\"${CURRENT}\"${NC}."
cd $LAST
fi
# ECHO
elif [[ "$ln" =~ ^echo\ .*$ ]]
then
$ln
log COMMAND "$ln"
# ACCOUNT
elif [[ "$ln" = "account" ]]
then
echo -e "YOUR ACCOUNT:"
echo -e "Username: $(whoami)"
# OTHERS
else
ok=false
for cmd in "${commands[@]}"
do
if [[ "$cmd" == "$ln" ]]
then
ok=true
fi
done
if $ok
then
$ln
else
echo -e "${RED}ERROR:${NC} You have no permissions to execute ${YELLOW}\"${ln}\"${NC}."
log DENIED "$ln"
fi
fi
}
# WELCOME MESSAGE
echo -e "${INDENTATION}${MAGENTA}Account:${NC}${INDENTATION}$(whoami)"
echo -e "${INDENTATION}${MAGENTA}Date:${NC}${INDENTATION}${INDENTATION}$(timestamp)"
echo -e "${INDENTATION}${MAGENTA}Uptime:${NC}${INDENTATION}${INDENTATION}${SYSTEM_UPTIME}"
echo -e "${INDENTATION}${MAGENTA}Users:${NC}${INDENTATION}${INDENTATION}${SYSTEM_USERS}"
echo -e "${INDENTATION}${MAGENTA}Quota:${NC}${INDENTATION}${INDENTATION}${SYSTEM_QUOTA}"
echo -e "${INDENTATION}${MAGENTA}RAM:${NC}${INDENTATION}${INDENTATION}${SYSTEM_RAM}"
log LOGIN "$@"
cd
trap "trap=\"\";log LOGOUT;exit" EXIT
# Optionally check for '-c custom_command' arguments passed directly to shell
# Then you can also use ssh user@host custom_command, which will execute /root/rbash.sh
if [[ "$1" == "-c" ]]
then
shift
execute "$@"
else
while echo -e -n "${RED}$(whoami)${YELLOW}@${CYAN}$(hostname) ${YELLOW}$(pwd) ${MAGENTA}#${NC} " && read ln
do
execute "$ln"
done
fi
This shell script checks the permissions of the user and restricts them to the /srv/DEVELOPMENT directory or its subdirectories.
It's irrelevant whether I set another login shell like /bin/bash or something else: on each login, the SSH daemon closes the connection after the error message XXXX: No such file or directory.
I have tried setting different permissions and other things. I can't resolve the problem of connecting over SSH.
Does anyone have an idea?
Before you answer
Yes, I know the possible security reasons (for example, managing the permissions through my "own" login shell script).
No, I don't want to install huge alternatives like schroot or jailkit (found on Google; the first minutes of reading say that these alternatives use a completely decoupled system like a virtual machine(?); tell me if that's wrong, with explicit information).
You may try this; it is very easy to use.
You can jail a user in 3 steps:
add user
create a jail with a simple configuration file.
jail this user.
The tool is located at: https://github.com/pymumu/jail-shell
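A pre-flight check for the kind of setup described in the question, as an added example that is not part of either post. Per sshd_config(5), every component of the ChrootDirectory path must be a root-owned directory not writable by any other user or group, and an interactive session needs a shell inside the chroot; `check_chroot` and `report` are names made up here, and the script assumes GNU `stat`.

```bash
#!/bin/bash
# Added example. Usage: ./check_chroot.sh /srv/DEVELOPMENT /srv/shell.sh

report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_chroot JAIL SHELL: JAIL is the absolute ChrootDirectory, SHELL the
# login shell path as stored in /etc/passwd. Returns non-zero on problems.
check_chroot() {
    jail=$1
    shell=$2
    problems=0
    case "$jail" in
        /*) ;;
        *)  report "ChrootDirectory must be an absolute path: $jail"; return 1 ;;
    esac
    # Walk from the jail up to /, checking owner and write bits of each
    # path component (mode string positions 6 and 9 are group/other write).
    p=$jail
    while :; do
        [ "$(stat -c %u "$p" 2>/dev/null)" = 0 ] || report "not owned by root: $p"
        case "$(stat -c %A "$p" 2>/dev/null)" in
            ?????w*|????????w*) report "writable by group or others: $p" ;;
        esac
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    # After chroot() the login shell is looked up inside the jail, so it
    # must exist at JAIL + SHELL, not at SHELL on the host.
    if [ ! -x "$jail$shell" ]; then
        report "login shell $shell is missing inside the jail ($jail$shell)"
    else
        # A script used as shell also needs its "#!" interpreter in the jail.
        interp=$(sed -n '1s/^#! *\([^ ]*\).*/\1/p' "$jail$shell" 2>/dev/null)
        if [ -n "$interp" ] && [ ! -x "$jail$interp" ]; then
            report "interpreter $interp is missing inside the jail ($jail$interp)"
        fi
    fi
    [ "$problems" -eq 0 ]
}

if [ "$#" -eq 2 ]; then
    check_chroot "$1" "$2"
fi
```

The check does not cover the shared libraries the interpreter needs or the /dev nodes of an interactive session; those also have to be present inside the jail.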
When I run the script it passes the userid to respond to the enter userid prompt, when it is prompted for the password it fails.
I am a newbie with expect and would appreciate any help.
version=$1
targetPrompt=":"
if [ "$1o" = "o" ]; then
echo "Syntax is getNewCode [gitrepo version]"
exit
fi
echo "Enter your git userid"
read userid
echo "Enter your git password"
read -s mypassword
###################################################################
publicURL="https://hub.jazz.net/git/xxxxxxxx/cigsdev_mvpFE_$version"
###################################################################
# Call setupNewDirectories to create new directories
/CIGS/setupNewDirectories
###################################################################
# CD to the directory where the public repository will be loaded
#
rm -rf /tmp/FINAL
mkdir /tmp/FINAL
ls /tmp/FINAL | wc -l
cd /tmp/FINAL
#
###################################################################
/usr/bin/expect <<EOD
spawn git clone $publicURL
expect "Username for *:"
send "$userid\n"
expect "Password *:"
send "$mypassword/n"
expect eof
EOD
exit
I am writing a wrapper script around mail. There is a function in the program that I need for looping back to the main menu, but just before the function is declared, the program just exits back to the main prompt. Here is the code:
function restart ()
{
m
}
clear
echo Working...
echo If you are prompted for your sudo password or asked if you want to continue, then you are being
echo prompted to install mailutils. This is normal upon first-time use, or
echo use on a computer without mailutils installed.
echo
echo Starting in 5 seconds...
sleep 5
echo Examining dependencies...
dpkg -l | grep -qw mailutils || sudo apt-get install mailutils
echo Starting client...
function m ()
{
clear
echo Welcome to the Terminal GMail Client, or TGC!
echo Please enter your gmail address:
read acc
name=${acc%@*}
echo Welcome, $name! Would you like to read[R] or write[W] emails?
read opt
if [ $opt=="R" ] || [ $opt=="r" ]
then
echo Working...
sleep 1
clear
mail -u $acc -p
restart
elif [ $opt=="W" ] || [ $opt=="w" ]
then
clear
echo Working...
sleep 1
clear
echo Enter the subject here:
read sub
echo Enter the recipients address here:
read rec
echo Enter carbon copy [CC] here or leave blank for none:
read cc
echo Enter blind carbon copy [Bcc] here or leave blank for none:
read bcc
echo Enter the body of the email here:
read body
echo Sending to $rec...
mail -s $sub -c $cc -b $bcc --user=$acc $rec "$body"
echo Done! Going to main menu in 2 seconds...
sleep 2
restart
fi
}
You see, there is no error, and I am put back at the prompt right after line 15, after 'Starting Client...'.
As others have pointed out in the comments: there's no need for multiple shell functions and recursion - a simple while loop will do.
The following is a revised version of your code with proper quoting and rudimentary error handling. Your script will need a lot more input validation and error checking to stand the test of real-world use.
But perhaps this will get you started.
#!/usr/bin/env bash
clear
echo 'Working...'
echo 'If you are prompted for your sudo password or asked if you want to continue, then you are being
prompted to install mailutils. This is normal upon first-time use, or
use on a computer without mailutils installed.'
echo 'Starting in 5 seconds...'
sleep 5
echo 'Examining dependencies...'
dpkg -l | grep -qw mailutils || sudo apt-get install mailutils || exit
clear
echo 'Starting client...'
while true; do
echo 'Welcome to the Terminal GMail Client, or TGC!'
echo 'Please enter your gmail address:'
read -r acc
name=${acc%@*}
echo "Welcome, $name! Would you like to read[R] or write[W] emails or quit[Q]?"
read -r opt
case $opt in
r|R)
echo 'Working...'
sleep 1
clear
mail -u "$acc" -p || { echo "ERROR: Please try again." >&2; continue; }
;;
w|W)
clear
echo 'Working...'
sleep 1
clear
echo 'Enter the subject here:'
read -r sub
echo "Enter the recipient's address here:"
read -r rec
echo 'Enter carbon copy [CC] here or leave blank for none:'
read -r cc
echo 'Enter blind carbon copy [Bcc] here or leave blank for none:'
read -r bcc
echo 'Enter the body of the email here:'
read -r body
echo "Sending to $rec..."
mail -s "$sub" -c "$cc" -b "$bcc" --user="$acc" "$rec" "$body" || { echo "ERROR: Please try again." >&2; continue; }
echo 'Done! Going to main menu in 2 seconds...'
sleep 2
;;
q|Q)
echo 'Goodbye.'
exit 0
;;
*)
echo 'ERROR: Unknown command. Please try again.' >&2
;;
esac
done