I have a unix shell script file whose owner is "xyz" when run deletes some specific files.
I want to trigger this script to delete files in some other directory where the owner for the files to be deleted is different from the owner of the script. Is this possible? Is this possible to run this script as different user so that it can delete those new files?
EDIT : I use Autosys to periodically trigger this script.
You can chmod the files that need to be deleted first if you have sufficient rights. Afterwards your script, no matter what user it executes, will succeed.
Examples : http://en.wikipedia.org/wiki/Chmod
Usually you use sudo for that:
sudo -u ANOTHER_USER /path/to/the/script.sh
However, your current account needs proper permissions to do so. You can configure those permissions using the file /etc/sudoers.
You'll find a ton of articles out there how to use sudo. This for example: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:Ch09:_Linux_Users_and_Sudo
Related
My question is how I can make one folder accessible when script running.
In this case lets call there is bob who copying his folder by using script to specific location and there is jeff who also sharing the same group as bob also he copying his file to there with using script.
The problem is that when I set file group they need write and execute permission and when I gave to them they are able to see each other file content if they know full path of the file.
To stop that I am thinking to completely deleting all permission on folder and only giving the permission when script running and doing copying process.
But problem is that when those users run the script and script try to chmod the file permission they are not going to be able to because they don't have enough permission to do it. Also if I add them on sudoers, they are going to be able to chmod and change anything as they want to change.
So I am so confused about how I can make the script change permission of folder and when copying completed turn back to previous permission
You should add a sudoers entry to allow ALL or the selected group to run a given script that does the copy to a restricted directory, with NOPASSWD to avoid the password prompt.
Then the users invoke
$ sudo /path/to/copy-to-restricted-dir files*
but users don't have access to restricted directory nor to chmod.
I've built a script that places an icon in the launcher to open a program as the root user. This script also adds NOPASSWD to the user's configuration for this specific app in /etc/sudoers, however the one part of the script that refuses to work is the creation of the profile in /root/.config/<app>. I can create this manually, using the same mkdir command, but when I place the same command in the script it returns no such file or directory. I have replicated this behaviour a number of times, including on a clean install.
Is there some form of protection that disallows the ability to automate the creation of this directory? Or am I missing something about hidden folders in Linux?
I assume you are doing this when the .config dir does not exist yet.
mkdir /root/.config/<app>
Try this :
mkdir -p /root/.config/<app>
This will create any missing parent directory to the full path you provide.
I want to make a shell script, which is executed when it is clicked on. I know you can do this with the Terminal command chmod u+x (filename) but I want to be able to send the file let's say by email or scp, and it should still be executed when clicked on by the new user.
I don't really think that is possible. The executability of the file is not an attribute within the file which tells the system to execute it. Its something you tell the system to do. I guess it is a security measure, regarding running maybe a risky command, lets say, rm -rf an important system folder.
I have a custom requirement by a specific user , that he wants me to write a shell script to move files from one folder to another folder . These two folders have different owners
Now, I managed to do that by logging in as root, but want to achieve this without giving root privileges to user.
I am not allowed to do any new package installation,
Not allowed to use any another shell than Korn .
Please suggest a solution.
Yeah I know this is not a safer way and a bad approach, still am curious about satisfying the need of a user ..
Write a script to move files.
change the ownership of the script to root
Update the /etc/sudoers file to give the user permissions to run the script as root:
user ALL = NOPASSWD: /opt/script.sh
User can execute the script: sudo /opt/script.sh
That shouldn't ask for root password, but give the user privileges to run the script as root.
I have a binary script along with a key file and required libs in a folder on my shell. There are 3 users on the shell currently whom I want to allow to run the binary script. Each user who runs it runs it as a separate instance/process. In order to start, the script is run by using an .sh file which specifies the location of the binary and its libs. For example, ./script.sh is the command.
I have the script currently in /home/script/user (will create also dir called /user2 for other user) where script is a new user I created for it. User runs the .sh from their homedir and then it automatically writes a config file in /home/script/user. I have been playing around with chmod because I don't want anyone to be allowed to steal the script or any of its contents inside the directory. To summarize, I only want users to be able to execute the binary and read the libs and key file as well as write their config to respective user directory in /home/script/. I don't want to allow them to delete, edit, copy, or download anything inside the /script directory. Currently only the binary can't be altered in anyway, but the key file and libs are able to be copied or downloaded. I couldn't figure out how to chmod the key and libs so that they can't be copied etc, only read to run binary successfully.
Please let me know how I can accomplish my permission goals and/or if there is another or easier way to do this. Thanks.
I believe you can achieve most of what you want with chmod and groups. So to allow a bunch of users to run a script you'd create a group, add them to it. Create a group and add users to it like this:
groupadd <groupname>
usermod -a -G <groupname> <username>
Then to make a file only executable by a group you'd run
chgrp <groupname> <file>
chmod g+x <file>
Unfortunately because of the way that chmod works you cannot allow a file to be read but not copied. This is because chmod works with read, write and execute permissions and if you can read you can copy.