Backstory: I SSH into servers where I want to see a personalized root prompt. However, other people log onto these servers and don't necessarily want me changing the prompt.
Question: How can I make a zsh alias/function such that I can log in as a regular user, and typing [my su shortcut] will launch a su session, source .zshrc from my personal home directory, and leave me at a root prompt?
alias mysu="su -c \"ZDOTDIR=$HOME zsh\""
See zsh(1) for details.
Related
I'm running a bash command on mac that moves a file to private/etc/app_name/.
sudo cp my_file.cpp private/etc/app_name/
Every time the I want to run the bash file, the OS asks for my system password.
> ./run_copy.sh
Password: *******
Is there a way to by-pass this or configure in such way that I only have to enter the password once.
Apparently, on my Macbook, I see /etc directory having symlinks with the /private/etc directory which is owned by the wheel group & root is part of that group. So, you would need to use sudo to copy to that directory.
With that said on a Linux machine, you can work around this by adding your group to a new file in the /etc/sudoers.d/<group-name> path.
<grp-name> ALL=(ALL) NOPASSWD:ALL
I've just tried this on my mac, I could copy files onto /private/etc directory without entering the sudo password prompt.
Unfortunately, this comes up with some risks as users of your group get privileged access without entering any password prompt. You might accidentally delete important system files etc.,
A more niche approach could be to allow selectively like <group> ALL = (ALL) NOPASSWD: /usr/local/bin/copy-script. This way, they can't run all scripts/commands with sudo privileges.
I have the following task for my golang code:
The command has to be run as root user on the server remotely in bash and the command output has to be fetched in a variable.
Logging over ssh as root is disabled.
sudo on the server is disabled, so I have to use 'su -' and type password
since I want to make it as automated as possible in bash, the password has to be stored inside the command
Here are the workflow actions:
Login via SSH (as unprivileged user) to remote host
Elevate to privileged 'root' user --> su -
Type the root password
run the command which root can execute
get to output to string on localhost and do some actions
I have Googled for days, but it seems that I cannot find a solution for this.
Does anyone have a solution to this?
The issue you are facing is concerning interacting with the command after it has been executing.
It is quite easy to use exec.Command for non-interactive commands.
I would recommend using Expect for interaction, or the Golang equivalent located here.
I was logged in via SSH as the user who was currently logged in.
I enter the remote computer using my admin account.
ssh admin_a#ipaddress
Then proceeded with:
su username_b (current login user)
The result left me in bash-prompt (which I don't understand) as the current user logged in ( tested this by using whoami ).
Q1: When I switch over to the user who is logged in, why does it put me into bash-prompt (i.e. ~bash$ ) - why not ~ username_of_current_user$ ?
After I created the bash script and placed it into the current user's directory - the script is called from launch agents, although it doesn't work.
The error logs showed that one of the variable's output is wrong: whoami = root, when it should = current_user_logged_in.
Q2: Why is the script being called from root?
su - invokes a login shell after switching the user. A login shell resets most environment variables, providing a clean base.
su just switches the user, providing a normal shell with an environment nearly the same as with the old user.
The most obvious example of this is that ~ is root's home directory if you use su -, but your own home directory if you use su.
Depending on your system, it may also mean differences in prompt, PATH, or history file.
For more details:
https://unix.stackexchange.com/questions/7013/why-do-we-use-su-and-not-just-su
I have to write a shell script to run some commands on unix. I have to switch several users.
How can I give passwords inside my script?
Note: I am not a root user. Also, security is not an issue in this case, so I could write passwords in my script.
Since you don't have root access, and assuming the programs you want to run aren't setuid, you have two basic choices:
Write an expect script to drive su - <username> and run your commands as child processes of expect.
Have someone with root access give you sudo access to the commands and users you need, and then run your commands with sudo -u <username> <command>.
Option 1 is best if you can't get administrative support, but option 2 is more flexible and easier to script from a Unix shell.
This may be a stupid question.
I have a script that I want to be portable between Mac OS X and a Linux box I use. In OS X, a command in the script requires sudo, where on the Linux box, it does not.
Long story short, how does one run one command in a script with sudo, while then removing the elevated privileges for the rest of the script?
I have tried to use
su -
and
su -c
but they both seem to error out. (They say "sorry" and move on, I assume because it is trying to run as root and root does not have a password).
I know there has to be a silly and easy way to do this, what does everyone suggest?
You can 'revoke' the sudo permission (actually: close the sudo time window early) by doing:
sudo -k
Also, you can configure sudo to only allow elevated permissions on certain commands, or even to impersonate non-root for specific commands. See man sudoers. The examples section makes it exceedingly clear that there is virtually no limit to the configurability of sudo (roles, hosts, commands, allow escaping, allow sudo target users, exceptions to allowed things, password less authorization etc etc).
Hopefully an interesting example in your context:
The user fred can run commands as any user in the DB Runas_Alias (oracle or sybase) without giving a password.
fred ALL = (DB) NOPASSWD: ALL
If you can't / don't really want to meddle with /etc/sudoers (visudo!) then I suggest using something like
{
trap "sudo -k" EXIT INT QUIT TERM
sudo ls # whatever
}
Try sudo su instead of su to change back to a regular user.
Use sudo without su:
#!/bin/bash
whoami # Runs under your regular account
sudo whoami # Runs as root
whoami # Runs under your regular account again
Here's the output when I run it:
$ ./sudotest
gordon
Password:
root
gordon