Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: how write.sh for su user1 and command start?

  1. #1

    Default how write.sh for su user1 and command start?

    hello

    i want to create file script bash (-sh)

    Code:
    #!/bin/bash
    su - username -c XXXXXXXX
    xxxx= a command

    but i want put in my password for "su - username" but how?
    without ask me password because already i will put inside file sh..i dont find solution..

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,147

    Default Re: how write.sh for su user1 and command start?

    Basicaly that should not be done. Putting any password unencrypted in any file isn't that secur isn't it?

    Like all the other programs/tools/scripts you want to execute with as another user, it should be done like:
    Code:
    su - user1 -c 'path-to-your-script'
    Which then of course will ask you for the password. Which you then can type if nobody is looking over your shoulders, listening on the connection, etc., etc.
    Last edited by hcvv; 22-Jun-2015 at 08:55.
    Henk van Velden

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,283
    Blog Entries
    2

    Default Re: how write.sh for su user1 and command start?

    In general I can think of 3 ways to run a script with elevated permissions (and not violate any security).

    1. Start with an environment with sufficient permissions (eg console)
    If you already have a root console running, just execute the script
    Code:
    su
    ./script.sh
    2. From a normal User with insufficient permissions, you can temporarily elevate using sudo (by default will elevate. Won't get into sudo configuration here). You will be prompted to interactively enter the root password
    Code:
    sudo ./script.sh
    3. Invoke your script from something that already is running with elevated permissions.
    Like creating or modifying a systemd Unit file that describes executing triggered by a boot process.
    Or a running app which had already acquired elevated permissions like a YAST applet (from YAST).

    TSU

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,147

    Default Re: how write.sh for su user1 and command start?

    Quote Originally Posted by tsu2 View Post
    Code:
    su
    ./script.sh
    Always use
    Code:
    su -
    or
    Code:
    su -l
    not plain
    Code:
    su
    Henk van Velden

  5. #5

    Default Re: how write.sh for su user1 and command start?

    hello all people

    then

    you are right for opinions,
    i will create script for MEGA multi-account

    for this reason i need "click" "multi-mega.sh" this mean will open command of mega (megasync) with different account of login kde4, i do worked as perfect but i need to create script bash for "one -click" ok?

    i worked:
    open terminal and bash is user1
    su - user2



    "password: " i put my password of user2 login

    bash is user2

    megasync

    that is start as normal account of user2.
    ok?


    i need to try create one-click..
    can help me?

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,283
    Blog Entries
    2

    Default Re: how write.sh for su user1 and command start?

    Quote Originally Posted by hcvv View Post
    Always use
    Code:
    su -
    or
    Code:
    su -l
    not plain
    Code:
    su
    Hmmm...
    When I use those flags to implement as a "login shell" it resets all my environmental variables, and those that are set in /etc/profile.local or /etc/profile/* to use the $HOME variable in the environmental setting crash if the path is to the "normal User" home directory. I was always aware that if this slight configuration inconsistency might one day cause a problem, by making "su" re-login using root specific environmental variables instead of retaining what had already been set up during boot pointing to a normal User configuration.

    Bottom line is that by using the login flag as described, you might by default lose access to apps installed specifically under your original User account while possibly gaining access to apps intended only to run as root. Of course these effects can be overcome by some additional explicit path description and possibly re-running some commands, but isn't that the whole purpose of environmental variables in the first place, to make these setting automatically?

    So, now I'm considering (since the reasoning for recommending login shell is not described in detail) whether this is actually just a configuration choice rather than one better than the other. Minimally, it should be recognized that they are <different> and possibly significantly. After all, if you are originally logged in as a normal User but create a root console, do you <really> want to change your environmental settings to the root profile rather than retain what was created during your original boot?

    TSU

  7. #7
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,147

    Default Re: how write.sh for su user1 and command start?

    Exactly. When you want to act as another user, you better have this users full environment. Special when the other user is root. Imagine when you do not use the PATH, the aliases, etc. of root when being root. Everything can happen.

    I assume it one of the first "best practises" of Unix.
    Henk van Velden

  8. #8
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,744

    Default Re: how write.sh for su user1 and command start?

    In practice I only use the dash if I need the full root environment. Of course you do need to understand when you need that and when you don't. If you don't understand this then always use the dash.

  9. #9
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: how write.sh for su user1 and command start?

    On 2015-06-22 17:36, manuel songokuh wrote:

    > but i want put in my password for "su - username" but how?
    > without ask me password because already i will put inside file sh..i
    > dont find solution..


    Impossible. "su" will always ask the password on the keyboard.

    You might try with

    Code:
    echo password > su - ... whatever
    but I don't think it will work. Instead, you could use sudo, configured
    so that this particular command and user does not request password.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  10. #10
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,283
    Blog Entries
    2

    Default Re: how write.sh for su user1 and command start?

    Quote Originally Posted by hcvv View Post
    Exactly. When you want to act as another user, you better have this users full environment. Special when the other user is root. Imagine when you do not use the PATH, the aliases, etc. of root when being root. Everything can happen.

    I assume it one of the first "best practises" of Unix.
    In the special case of invoking "su" I typically am mainly interested in just getting elevated permissions, but in the context of my original User login... I still want my ordinary access to apps related to my original normal User login.

    The philosophy of the "login shell" is entirely different, the idea that although I might have originally logged in as a normal User, the root console would be a completely different and unrelated "root user' rather than myself as a root user.

    Hope I'm making myself a bit clearer than mud.
    The more I think about this, it's a matter of educated choice, one not necessarily better than the other but different.

    TSU

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •