Results 1 to 6 of 6

Thread: How do I run su or sudo from a script as normal user

  1. #1
    swerdna NNTP User

    Default How do I run su or sudo from a script as normal user


    Hi.
    Suppose I want to start a process from a script with a sudo or su
    command like this:
    su -root /path_to/command
    or this, I don't really care which:
    sudo /path_to/command

    Is there an option to put the root password in there somewhere so the
    command will run from a script started by a normal user. I understand
    the security implications.

    Thanks
    Swerdna


    --
    Conservative forces have mustered to keep the old tags. Don't let the
    old guard win! 'Vote for Swerdna's Susers'
    (http://tinyurl.com/985fp2).
    ------------------------------------------------------------------------
    swerdna's Profile: http://forums.opensuse.org/member.php?userid=84
    View this thread: http://forums.opensuse.org/showthread.php?t=404081


  2. #2
    ab@novell.com NNTP User

    Default Re: How do I run su or sudo from a script as normal user

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Modify /etc/sudoers (see man page for exactly how, or one of a million
    posts online) and add the 'NOPASSWD' option for when you run your script
    so that you just are not prompted. Storing passwords in files is just
    better to be avoided.

    Good luck.





    swerdna wrote:
    > Hi.
    > Suppose I want to start a process from a script with a sudo or su
    > command like this:
    > su -root /path_to/command
    > or this, I don't really care which:
    > sudo /path_to/command
    >
    > Is there an option to put the root password in there somewhere so the
    > command will run from a script started by a normal user. I understand
    > the security implications.
    >
    > Thanks
    > Swerdna
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFJYlZR3s42bA80+9kRAlMVAJ9GKZpAyZ9k6KPVlSZ/Cw4cswgS1wCfQgH5
    Z0ZIjLZq6XvCA+xPGrO2WAQ=
    =Xc3J
    -----END PGP SIGNATURE-----

  3. #3
    swerdna NNTP User

    Default Re: How do I run su or sudo from a script as normal user


    Thanks ab, too easy.


    --
    Conservative forces have mustered to keep the old tags. Don't let the
    old guard win! 'Vote for Swerdna's Susers'
    (http://tinyurl.com/985fp2).
    ------------------------------------------------------------------------
    swerdna's Profile: http://forums.opensuse.org/member.php?userid=84
    View this thread: http://forums.opensuse.org/showthread.php?t=404081


  4. #4
    ab@novell.com NNTP User

    Default Re: How do I run su or sudo from a script as normal user

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Absolutely.... as you know, this is Linux. If you want something hard
    feel free to try another OS. :-)

    Good luck.





    swerdna wrote:
    > Thanks ab, too easy.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFJYl213s42bA80+9kRAsMKAJwNOWbhwXDN9X3VdQb/IZmIPgSdKwCfeBuA
    K0jT5ufLsuZIEbHVmoyOL/k=
    =gfST
    -----END PGP SIGNATURE-----

  5. #5
    erikro NNTP User

    Default Re: How do I run su or sudo from a script as normal user


    Hi,

    swerdna;1922113 Wrote:
    > Hi.
    > Suppose I want to start a process from a script with a sudo or su
    > command like this:
    > su -root /path_to/command
    > or this, I don't really care which:
    > sudo /path_to/command
    >
    > Is there an option to put the root password in there somewhere so the
    > command will run from a script started by a normal user. I understand
    > the security implications.
    >


    I would solve this with the setuid-bit. Let's say your script is named
    /root/bin/foo.sh. First you make root the owner of the script:


    Code:
    --------------------

    chown root:users /root/bin/foo.sh

    --------------------


    Then you change the rights like this:


    Code:
    --------------------

    chmod 4750 /root/bin/foo.sh

    --------------------


    Now the script is executable for users which are in the group users but
    runs with root rights. Be careful with this. I would also add a special
    group for that issue where only trusted users are in.

    hth

    Greetings

    Erik


    --
    erikro
    ------------------------------------------------------------------------
    erikro's Profile: http://forums.opensuse.org/member.php?userid=17317
    View this thread: http://forums.opensuse.org/showthread.php?t=404081


  6. #6
    ab@novell.com NNTP User

    Default Re: How do I run su or sudo from a script as normal user

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Except that you can't use setuid on shell scripts in SUSE, or most *nix
    distros for that matter:
    http://www.tuxation.com/setuid-on-shell-scripts.html

    Good luck.





    erikro wrote:
    > Hi,
    >
    > swerdna;1922113 Wrote:
    >> Hi.
    >> Suppose I want to start a process from a script with a sudo or su
    >> command like this:
    >> su -root /path_to/command
    >> or this, I don't really care which:
    >> sudo /path_to/command
    >>
    >> Is there an option to put the root password in there somewhere so the
    >> command will run from a script started by a normal user. I understand
    >> the security implications.
    >>

    >
    > I would solve this with the setuid-bit. Let's say your script is named
    > /root/bin/foo.sh. First you make root the owner of the script:
    >
    >
    > Code:
    > --------------------
    >
    > chown root:users /root/bin/foo.sh
    >
    > --------------------
    >
    >
    > Then you change the rights like this:
    >
    >
    > Code:
    > --------------------
    >
    > chmod 4750 /root/bin/foo.sh
    >
    > --------------------
    >
    >
    > Now the script is executable for users which are in the group users but
    > runs with root rights. Be careful with this. I would also add a special
    > group for that issue where only trusted users are in.
    >
    > hth
    >
    > Greetings
    >
    > Erik
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFJYma63s42bA80+9kRAl7QAJ9Yg/xC3a48ja7q8ThJq+ULByJk5ACeOFJ4
    qVhwmnEe2JD31ykya7YVmwQ=
    =jP1/
    -----END PGP SIGNATURE-----

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •