how write.sh for su user1 and command start?

hello

I want to create a bash script file (-sh)

#!/bin/bash
su - username -c XXXXXXXX

xxxx= a command

But I want to put in my password for “su - username”, but how?
Without it asking me for the password, because I will already put it inside the sh file… I can't find a solution…

Basically that should not be done. Putting any password unencrypted in any file isn’t that secure, is it?

Like all the other programs/tools/scripts you want to execute as another user, it should be done like:

su - user1 -c 'path-to-your-script'

Which then of course will ask you for the password. Which you then can type if nobody is looking over your shoulders, listening on the connection, etc., etc.

In general I can think of 3 ways to run a script with elevated permissions (and not violate any security).

1. Start with an environment with sufficient permissions (e.g. console)
If you already have a root console running, just execute the script

su
./script.sh

2. From a normal User with insufficient permissions, you can temporarily elevate using sudo (by default will elevate. Won’t get into sudo configuration here). You will be prompted to interactively enter the root password

sudo ./script.sh

3. Invoke your script from something that already is running with elevated permissions.
Like creating or modifying a systemd Unit file that describes executing triggered by a boot process.
Or a running app which had already acquired elevated permissions like a YAST applet (from YAST).

TSU

Always use

su -

or

su -l

not plain

su

hello all people

then

You are right in your opinions.
I will create a script for MEGA multi-account.

For this reason I need to “click” “multi-mega.sh”; this means it will open the mega command (megasync) with a different account of login kde4. It worked perfectly, but I need to create a bash script for “one-click”, ok?

This worked for me:
open terminal and bash is user1
su - user2

"password: " I put in the password of the user2 login

bash is user2

megasync

That starts as the normal account of user2.
ok?

I need to try to create a one-click…
Can you help me?

Hmmm…
When I use those flags to implement as a “login shell” it resets all my environmental variables, and those that are set in /etc/profile.local or /etc/profile/* to use the $HOME variable in the environmental setting crash if the path is to the “normal User” home directory. I was always aware that this slight configuration inconsistency might one day cause a problem, by making “su” re-login using root specific environmental variables instead of retaining what had already been set up during boot pointing to a normal User configuration.

Bottom line is that by using the login flag as described, you might by default lose access to apps installed specifically under your original User account while possibly gaining access to apps intended only to run as root. Of course these effects can be overcome by some additional explicit path description and possibly re-running some commands, but isn’t that the whole purpose of environmental variables in the first place, to make these settings automatically?

So, now I’m considering (since the reasoning for recommending login shell is not described in detail) whether this is actually just a configuration choice rather than one better than the other. Minimally, it should be recognized that they are <different> and possibly significantly. After all, if you are originally logged in as a normal User but create a root console, do you <really> want to change your environmental settings to the root profile rather than retain what was created during your original boot?

TSU

Exactly. When you want to act as another user, you had better have this user's full environment. Especially when the other user is root. Imagine when you do not use the PATH, the aliases, etc. of root when being root. Everything can happen.

I assume it is one of the first “best practices” of Unix.

In practice I only use the dash if I need the full root environment. Of course you do need to understand when you need that and when you don’t. If you don’t understand this then always use the dash.

On 2015-06-22 17:36, manuel songokuh wrote:

> But I want to put in my password for “su - username”, but how?
> Without it asking me for the password, because I will already put it
> inside the sh file… I can't find a solution…

Impossible. “su” will always ask the password on the keyboard.

You might try with


echo password > su - ... whatever

but I don’t think it will work. Instead, you could use sudo, configured
so that this particular command and user does not request password.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))
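
The sudo approach suggested in the reply above, as an added example that is not part of the original thread: one script that prints a narrowly scoped sudoers rule and, once the rule is installed, launches megasync as the other user without any stored password. The user names come from the thread; the path /usr/bin/megasync, the rule file name and the presence of an included /etc/sudoers.d directory are assumptions.

```shell
#!/bin/bash
# multi-mega.sh -- added example, not code from the thread.
# Assumed: caller user1, target user2, binary at /usr/bin/megasync.
#
# One-time setup as root (no password is stored anywhere):
#   ./multi-mega.sh rule > /tmp/megasync-user2
#   visudo -c -f /tmp/megasync-user2     # syntax check before installing
#   install -m 0440 -o root -g root /tmp/megasync-user2 /etc/sudoers.d/megasync-user2
# One-click use afterwards (e.g. from a desktop launcher):
#   ./multi-mega.sh run
CALLER="user1"
TARGET="user2"
MEGASYNC="/usr/bin/megasync"

# Print a sudoers rule allowing exactly one command, as one user, with no
# arguments. Anything that would widen the rule is refused.
sudoers_rule() {
    caller=$1; target=$2; cmd=$3
    case $cmd in
        /*) ;;
        *)  echo "command must be an absolute path" >&2; return 1 ;;
    esac
    case $cmd in
        *\**|*\?*|*\[*|*" "*)
            echo "no wildcards or spaces in the command" >&2; return 1 ;;
    esac
    for name in "$caller" "$target"; do
        case $name in
            ""|ALL|*[!A-Za-z0-9_-]*)
                echo "refusing user name '$name'" >&2; return 1 ;;
        esac
    done
    # The trailing "" tells sudo the command may only run without arguments.
    printf '%s ALL=(%s) NOPASSWD: %s ""\n' "$caller" "$target" "$cmd"
}

case ${1:-} in
    rule) sudoers_rule "$CALLER" "$TARGET" "$MEGASYNC" ;;
    run)  # -n: never prompt, fail if the rule is missing; -H: use user2's HOME
          exec sudo -n -H -u "$TARGET" "$MEGASYNC" ;;
esac
```

Whether megasync can open its window on user1's desktop depends on display access for user2, which this example assumes is already in place.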

In the special case of invoking “su” I typically am mainly interested in just getting elevated permissions, but in the context of my original User login… I still want my ordinary access to apps related to my original normal User login.

The philosophy of the “login shell” is entirely different, the idea that although I might have originally logged in as a normal User, the root console would be a completely different and unrelated “root user” rather than myself as a root user.

Hope I’m making myself a bit clearer than mud.
The more I think about this, it’s a matter of educated choice, one not necessarily better than the other but different.

TSU

When you fail to understand the security implications, please do as you like.