Hi.
Suppose I want to start a process from a script with a sudo or su command like this:
su -root /path_to/command
or this, I don’t really care which:
sudo /path_to/command
Is there an option to put the root password in there somewhere so the command will run from a script started by a normal user. I understand the security implications.
Thanks
Swerdna
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Modify /etc/sudoers (see man page for exactly how, or one of a million
posts online) and add the ‘NOPASSWD’ option for when you run your script
so that you just are not prompted. Storing passwords in files is just
better to be avoided.
Good luck.
swerdna wrote:
> Hi.
> Suppose I want to start a process from a script with a sudo or su
> command like this:
> su -root /path_to/command
> or this, I don’t really care which:
> sudo /path_to/command
>
> Is there an option to put the root password in there somewhere so the
> command will run from a script started by a normal user. I understand
> the security implications.
>
> Thanks
> Swerdna
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJYlZR3s42bA80+9kRAlMVAJ9GKZpAyZ9k6KPVlSZ/Cw4cswgS1wCfQgH5
Z0ZIjLZq6XvCA+xPGrO2WAQ=
=Xc3J
-----END PGP SIGNATURE-----
Thanks ab, too easy.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Absolutely… as you know, this is Linux. If you want something hard
feel free to try another OS. 
Good luck.
swerdna wrote:
> Thanks ab, too easy.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJYl213s42bA80+9kRAsMKAJwNOWbhwXDN9X3VdQb/IZmIPgSdKwCfeBuA
K0jT5ufLsuZIEbHVmoyOL/k=
=gfST
-----END PGP SIGNATURE-----
Hi,
I would solve this with the setuid-bit. Let’s say your script is named /root/bin/foo.sh. First you make root the owner of the script:
chown root:users /root/bin/foo.sh
Then you change the rights like this:
chmod 4750 /root/bin/foo.sh
Now the script is executable for users which are in the group users but runs with root rights. Be careful with this. I would also add a special group for that issue where only trusted users are in.
hth
Greetings
Erik
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Except that you can’t use setuid on shell scripts in SUSE, or most *nix
distros for that matter:
http://www.tuxation.com/setuid-on-shell-scripts.html
Good luck.
erikro wrote:
> Hi,
>
> swerdna;1922113 Wrote:
>> Hi.
>> Suppose I want to start a process from a script with a sudo or su
>> command like this:
>> su -root /path_to/command
>> or this, I don’t really care which:
>> sudo /path_to/command
>>
>> Is there an option to put the root password in there somewhere so the
>> command will run from a script started by a normal user. I understand
>> the security implications.
>>
>
> I would solve this with the setuid-bit. Let’s say your script is named
> /root/bin/foo.sh. First you make root the owner of the script:
>
>
> Code:
> --------------------
>
> chown root:users /root/bin/foo.sh
>
> --------------------
>
>
> Then you change the rights like this:
>
>
> Code:
> --------------------
>
> chmod 4750 /root/bin/foo.sh
>
> --------------------
>
>
> Now the script is executable for users which are in the group users but
> runs with root rights. Be careful with this. I would also add a special
> group for that issue where only trusted users are in.
>
> hth
>
> Greetings
>
> Erik
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJYma63s42bA80+9kRAl7QAJ9Yg/xC3a48ja7q8ThJq+ULByJk5ACeOFJ4
qVhwmnEe2JD31ykya7YVmwQ=
=jP1/
-----END PGP SIGNATURE-----