su using here document

1

file: test.sh

    who
    su superuser <<BELUGA
    mysuperpassword
    BELUGA
    who

    $ ./test.sh

just waits for input. What am I doing wrong? Is there a way to automate this?

andersonbd1

Posted 2010-03-24T17:16:28.803

Reputation: 485

Most programs read the password from the current tty, not from stdin. (This also lets you do things such as pipe a binary file to a su'd command.) – user1686 – 2010-03-24T18:10:49.950

Note that the su command would not execute the second who - even if you managed to get past the password issue. It would either process the command given on its command line ('-c "command arg1 arg2"') or it would go interactive. Commands asking for a password usually read from your tty rather than from standard input - which means you have to fake it out (probably with 'expect' and a pseudo-tty). – Jonathan Leffler – 2010-03-25T03:51:31.170

Answers

3

You want to use the "expect" command for passing your username and password.

Note however that what you want to do there smells like a bad approach. Maybe we can help you better if you elaborate a little more on the original problem you want to solve.

snies

Posted 2010-03-24T17:16:28.803

Reputation: 484

4

I think it would be a lot better to install/use sudo with a configuration that allows NOPASSWD for the specific action you are trying to automate.

It will be much safer to allow a specific command via sudo than it would be to store your root password in a text file somewhere.

Zoredache

Posted 2010-03-24T17:16:28.803

Reputation: 18 453

With Solaris, pfexec can be used instead of sudo, which isn't installed by default and has some limtations RBAC have not. – jlliagre – 2010-03-24T21:23:03.673

some limitations RBAC has not. sorry for the typos.

<useless rant> Why isn't edit allowed after such a short period of time ?</useless rant> – jlliagre – 2010-03-24T21:57:56.407

@jlliagre: If editing is locked out, I copy my original comment to the clipboard, delete the comment, create a new blank comment, paste the old comment from the clipboard, then edit it how I wanted to edit the original. – Alex – 2010-03-25T05:12:23.177

2

Running a script as a user and having it upgrade its permissions to root is probably a bad idea. A better solution would be to run the script as root and have it downgrade its permissions as necessary:

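    #!/bin/sh
    # Run as root; drop to an unprivileged user only where needed.
    UN=user
    whoami                 # prints the invoking user (root)
    sudo -u "$UN" whoami   # prints the target user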

When run as root (assuming user is a valid user) the output should be this:

    root
    user

However if you really want to have a script run as a user and be able to execute commands as root, there are 2 options that I know of.

  1. Use sudo with stored password:

    #!/bin/sh
    whoami
    sudo -S -p "" whoami <<EOF
    mysuperpassword
    EOF
    

    Which will output (when run as 'user'):

    user
    root
    
  2. Use sudo with no password.
    Add a list of the commands that you wish to run into the /etc/sudoers file by running visudo as root. For example, to allow user to run the commands apache2ctl and whoami, add the following:

    User_Alias SPECIAL = user
    Cmnd_Alias SPECIAL_COMMANDS = /usr/sbin/apache2ctl, /usr/bin/whoami
    SPECIAL ALL = NOPASSWD: SPECIAL_COMMANDS
    

    Or if you really trust user, if it's you for example, you can allow the user to execute any command without a password:

    user ALL=(ALL) NOPASSWD: ALL
    

    Then when the following script is run by user:

    #!/bin/sh
    whoami
    sudo whoami
    

    It will output:

    user
    root
    

Tim

Posted 2010-03-24T17:16:28.803

Reputation: 1 375
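
The difference between the scoped `NOPASSWD` rule and `NOPASSWD: ALL` in the answer above can be checked mechanically. This is an added example, not code from the original answers; it handles only single-line rules and `Cmnd_Alias` definitions, and the `EVERYTHING` alias and `deploy` user in the sample input are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answers): classify NOPASSWD rules.
# Scope: one rule or one Cmnd_Alias per line; no line continuations or includes.

audit_nopasswd() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    $1 == "Cmnd_Alias" {                    # remember: alias name -> command list
        name = $2; sub(/=.*/, "", name)
        body = $0; sub(/^[^=]*=[ \t]*/, "", body)
        alias[name] = body
        next
    }
    /NOPASSWD:/ {                           # keep the rule; judge it in END
        cmds = $0; sub(/^.*NOPASSWD:[ \t]*/, "", cmds)
        who[++n] = $1; list[n] = cmds
    }
    END {
        for (i = 1; i <= n; i++) {
            broad = 0
            m = split(list[i], c, /[ \t]*,[ \t]*/)
            for (j = 1; j <= m; j++) {
                item = c[j]; gsub(/^[ \t]+|[ \t]+$/, "", item)
                if (item in alias) item = alias[item]   # expand one alias level
                # ALL as a whole list entry, not as part of a path
                if (item ~ /(^|,[ \t]*)ALL([ \t]*,|[ \t]*$)/) broad = 1
            }
            printf "%s %s %s\n", (broad ? "BROAD" : "SCOPED"), who[i], list[i]
        }
    }' "$@"
}

# Constructed input: the rules from the answer above, plus a hypothetical
# alias (EVERYTHING) and user (deploy) showing ALL hidden behind an alias.
sample_sudoers() {
    cat <<'EOF'
User_Alias SPECIAL = user
Cmnd_Alias SPECIAL_COMMANDS = /usr/sbin/apache2ctl, /usr/bin/whoami
SPECIAL ALL = NOPASSWD: SPECIAL_COMMANDS
user ALL=(ALL) NOPASSWD: ALL
Cmnd_Alias EVERYTHING = ALL
deploy ALL = NOPASSWD: EVERYTHING
EOF
}

sample_sudoers | audit_nopasswd
```

Rules are judged only after the whole input is read, so an alias defined below the rule that uses it is still expanded.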