Assume I am user A(not root user) and I want to run a c-shell script which will execute command in User B(password for B is known to me) and will use the result of that command here.
How can I run a command in User-B.
sudo -u username command1
Above command may prompt for password but I want this to be done in script only.
Thanks for all your suggestions.
you could use a ssh key to allow your user A to log in as user B using user A's private key (and with user A's public key in ~B/.ssh/authorised_keys)
then you simply execute the script as B with:
ssh B#localhost "/path/to/script and maybe some arguments here"
you have following options,
run your command with root so that su - username wont prompt for password
create passordless login for user like passwordless ssh,remove password for user etc. and then run your command
for getting output here to work,
write it in a file and access it in code
store it in a variable and access it in code
Related
I have a shell script which I need to execute from server A which executes commands in Server B as well. But I can execute those commands only being a root user in server B.
Manually if I login to server B then I have to change the user to root and execute delete commands. To automate this I am trying to write a script and execute from server A, but it asks me for password. How do I add my password in the script? (Though it is not recommended), or please suggest if any other way to tackle this.
Add your username in /etc/sudoers with nopasswd to remove password prompt
$ visudo
user ALL=(ALL) NOPASSWD: ALL
You can use sshpass command with -p option
sshpass -p 'your_password' ssh root#your_host ls
refer manual of sshpass for more options
I have the following task for my golang code:
The command has to be run as root user on the server remotely in bash and the command output has to be fetched in a variable.
Logging over ssh as root is disabled.
sudo on the server is disabled, so I have to use 'su -' and type password
since I want to make it as automated as possible in bash, the password has to be stored inside the command
Here are the workflow actions:
Login via SSH (as unprivileged user) to remote host
Elevate to privileged 'root' user --> su -
Type the root password
run the command which root can execute
get to output to string on localhost and do some actions
I have Googled for days, but it seems that I cannot find a solution for this.
Does anyone have a solution to this?
The issue you are facing is concerning interacting with the command after it has been executing.
It is quite easy to use exec.Command for non-interactive commands.
I would recommend using Expect for interaction, or the Golang equivalent located here.
I am new to unix and scripting, need your help for the below scenario.
These are the contents of my .sh file
#!/bin/bash
usrun xyz
whoami
When I am calling this bash file from putty its asking me for my xyz user's password some other information to properly log in the xyz user.
After successfully login, the $ sign in putty changes to #### xyz$, so I am guessing its opening a new session for the xyz user.
However, after that, the whoami command is not getting executed. Only after I type exit the whoami command is getting executed.
why is this happening? How to execute the whoami command after successful authentication of xyz user?
The #### represents the last four digits of my server to which I am currently connected to via putty.
The usrun command without any parameters blocks the execution of the bash script. Thus, until the command is not finished (when you type exit), the next command (whoami) is not executed.
If you want to login into the machine and execute a command you should try:
#!/bin/bash
usrun -u xyz whoami
The -u option allows you to specify the user and next you can provide the command to execute.
If you want to execute more than one command in the remote machine using Putty I suggest you to follow something similar to this post:
https://superuser.com/questions/1103873/how-to-type-commands-in-putty-by-creating-batch-file
I'm working on a script in which I need to change the user, i have sudo access, i tried something like below but without success.
echo $passwd | sudo -S su - oracle
I even tried installed ssshpass but no success with that either. Is that even possible or do I need to install something else to make this work?
Any idea
If you will run your script with root account, you can just
message="The cake is a lie"
su username -c 'echo $message'
If you will run your script with another user you have two ways to do that,
1) Configuring pam like bellow so when you run su user2 -c 'command' logged with user1, linux will not ask for password.
Add the following lines right below the pam_rootok.so line in your /etc/pam.d/su:
auth [success=ignore default=1] pam_succeed_if.so user = user2
auth sufficient pam_succeed_if.so use_uid user = user1
The first line makes sure the target user is user2. If it is, the next line will take control and succeed authorization if the calling user is user1.
If the target user is something else, the second line will be ignored and the usual authentication steps will be performed.
2) Write your script using expect as here
I'm trying to write a bash script that sets up my web development environment in ubuntu. As part of the process of setting up the script, it needs to edit files that are owned by root. It also needs to create fields in the public_html directory of the user that runs the script.
Should I therefore require that the script be run as the superuser? If it should, then how do I get it to access the current user's username? I would normally use the $USER variable, but I can't do that if the script is being run as the superuser. If I'm not the superuser, how can I get the script to request super user privileges for certain operations, while not requiring the user to type in a password for every operation that requires super user privileges.
Thanks
You can use the -E flag for sudo to preserve the environment variables, or, you can set up sudoers to preserve the environment on a per-command basis.
You can also set up the sudoers file to not ask for a password on a per-command basis, for example, to allow user xy to use smbmount without asking for a password:
xy ALL=NOPASSWD: /usr/bin/smbmount
In your case, it would be enough to just store the current user in a variable before invoking sudo, and use the already saved username:
CURRENT_USER=$USER
sudo yourscript.sh $CURRENT_USER
Then read the username from $1.
You can also use the SUDO_USER env variable, which is set to the user who is invoking sudo.
Insert a check at the top of the script:
# Make sure only root can run this script
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
In this way when you run it without the root privileges you will be prompted, then you can simply rerun it the right way with:
sudo yourscript.sh
More infos at http://www.cyberciti.biz/tips/shell-root-user-check-script.html
There's a command named sudo for this purpose. It lets you specify that certain users can run certain commands as root (or another user).
If your users have root access anyway, you could just write a script that must be run as root and takes an username as parameter, instead of picking up the username.
Alternatively, one way of picking up the login username in an interactive shell is:
stat -Lc %U /proc/self/fd/0
This retrieves the ovner of the tty associated with stdin.
Just make it a setuid file. Or use sudo which is probably safer, since you can limit who gets to run it.
chmod 4755 script.sh
In Ubuntu, there's the SUDO_USER environment variable.
So, you can just run your script sudo somescript.sh and have it pull the invoking user's username $SUDO_USER.
Not sure on other dists, though.