How do I run su or sudo from a script as normal user

Hi.
Suppose I want to start a process from a script with a sudo or su
command like this:
su -root /path_to/command
or this, I don’t really care which:
sudo /path_to/command

Is there an option to put the root password in there somewhere so the
command will run from a script started by a normal user. I understand
the security implications.

Thanks
Swerdna


Conservative forces have mustered to keep the old tags. Don’t let the
old guard win! ‘Vote for Swerdna’s Susers’
(http://tinyurl.com/985fp2).

swerdna’s Profile: http://forums.opensuse.org/member.php?userid=84
View this thread: http://forums.opensuse.org/showthread.php?t=404081

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Modify /etc/sudoers (see man page for exactly how, or one of a million
posts online) and add the ‘NOPASSWD’ option for when you run your script
so that you just are not prompted. Storing passwords in files is just
better to be avoided.

Good luck.

swerdna wrote:
> Hi.
> Suppose I want to start a process from a script with a sudo or su
> command like this:
> su -root /path_to/command
> or this, I don’t really care which:
> sudo /path_to/command
>
> Is there an option to put the root password in there somewhere so the
> command will run from a script started by a normal user. I understand
> the security implications.
>
> Thanks
> Swerdna
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJYlZR3s42bA80+9kRAlMVAJ9GKZpAyZ9k6KPVlSZ/Cw4cswgS1wCfQgH5
Z0ZIjLZq6XvCA+xPGrO2WAQ=
=Xc3J
-----END PGP SIGNATURE-----

Thanks ab, too easy.


Conservative forces have mustered to keep the old tags. Don’t let the
old guard win! ‘Vote for Swerdna’s Susers’
(http://tinyurl.com/985fp2).

swerdna’s Profile: http://forums.opensuse.org/member.php?userid=84
View this thread: http://forums.opensuse.org/showthread.php?t=404081

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Absolutely… as you know, this is Linux. If you want something hard
feel free to try another OS. :slight_smile:

Good luck.

swerdna wrote:
> Thanks ab, too easy.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJYl213s42bA80+9kRAsMKAJwNOWbhwXDN9X3VdQb/IZmIPgSdKwCfeBuA
K0jT5ufLsuZIEbHVmoyOL/k=
=gfST
-----END PGP SIGNATURE-----

Hi,

swerdna;1922113 Wrote:
> Hi.
> Suppose I want to start a process from a script with a sudo or su
> command like this:
> su -root /path_to/command
> or this, I don’t really care which:
> sudo /path_to/command
>
> Is there an option to put the root password in there somewhere so the
> command will run from a script started by a normal user. I understand
> the security implications.
>

I would solve this with the setuid-bit. Let’s say your script is named
/root/bin/foo.sh. First you make root the owner of the script:

Code:

chown root:users /root/bin/foo.sh


Then you change the rights like this:

Code:

chmod 4750 /root/bin/foo.sh


Now the script is executable for users which are in the group users but
runs with root rights. Be careful with this. I would also add a special
group for that issue where only trusted users are in.

hth

Greetings

Erik


erikro

erikro’s Profile: http://forums.opensuse.org/member.php?userid=17317
View this thread: http://forums.opensuse.org/showthread.php?t=404081

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Except that you can’t use setuid on shell scripts in SUSE, or most *nix
distros for that matter:
http://www.tuxation.com/setuid-on-shell-scripts.html

Good luck.

erikro wrote:
> Hi,
>
> swerdna;1922113 Wrote:
>> Hi.
>> Suppose I want to start a process from a script with a sudo or su
>> command like this:
>> su -root /path_to/command
>> or this, I don’t really care which:
>> sudo /path_to/command
>>
>> Is there an option to put the root password in there somewhere so the
>> command will run from a script started by a normal user. I understand
>> the security implications.
>>
>
> I would solve this with the setuid-bit. Let’s say your script is named
> /root/bin/foo.sh. First you make root the owner of the script:
>
>
> Code:
> --------------------
>
> chown root:users /root/bin/foo.sh
>
> --------------------
>
>
> Then you change the rights like this:
>
>
> Code:
> --------------------
>
> chmod 4750 /root/bin/foo.sh
>
> --------------------
>
>
> Now the script is executable for users which are in the group users but
> runs with root rights. Be careful with this. I would also add a special
> group for that issue where only trusted users are in.
>
> hth
>
> Greetings
>
> Erik
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJYma63s42bA80+9kRAl7QAJ9Yg/xC3a48ja7q8ThJq+ULByJk5ACeOFJ4
qVhwmnEe2JD31ykya7YVmwQ=
=jP1/
-----END PGP SIGNATURE-----