linux shell script query?

Question:

1970-01-01 00:00:00 UTC

linux shell script query?

Five answers:

2008-07-02 02:03:15 UTC

you should really avoid doing this sort of thing, it's very non secure. It sounds like what you what is a command called sudo.

with sudo you can run commands as root without logging in as root, such as.

sudo /usr/sbin/apachectl status

etc

It's probably installed on your system.

man sudo

man sudoers

you can edit the sudoers file via the command visudo

( visudo must be run as root )

you want a entry similar to:

you_user_id ALL=(ALL) ALL

koppe74

2008-07-02 02:19:18 UTC

I don't think it can be done.

What you can try though, is using 'expect'. This is a package for the Tcl/Tk language. It lets you make scripts to communicate with interactive programs (like su), that takes the form of certain queries from a program (like "Password:") being responded to by certain responses (like the password retrieved from a file). The full range of the Tcl language (like if, for, while) is available to you, and it's also possible to escape from the script and let the user take over (e.g after sucessfully logging in). The command 'autoexpect' which is included in the package; "records" the user's interaction with a program, thus easely building a skeleton for an expect-script to be used with the program.

mybadluck22

2008-07-02 02:05:26 UTC

If you need to move to root in a shell script, you might be out of luck. If you can use perl, there is a command in perl to allow you to set uid root, and another command to execute an external script. There is a version of perl that lets your do this. I think it's deprecated, but what can you do. That's how I solved the problem. If you're not concerned with security, you could always setuid root bash, but that's a terrible security risk, and is unadvisable in 99.9% of all situations.

Easton D

2008-07-02 02:01:02 UTC

I did a little Googling and apparently su does not allow its parameters to come from anything other than a real console, which makes sense. Unfortunately, I'm not sure exactly how you would get around that.

rlfwolf

2008-07-02 02:30:45 UTC

sudo is one option to avoid passwords for specific commands so if you don't actually need a root shell, then this might be the best way to go. Just make sure you used the "NOPASS" option in the sudo specification like this:

username ALL=NOPASSWD: /bin/ping, /bin/command2, /sbin/command3

second alternative is to just run the script as root. What I mean is just write your script as normal and then use sudo to run the script itself.

third option... use "expect". Expect is a script language that operates like the old modem scripts. You can define text you expect as prompts and what you want to send when the script sees these prompts on stdin. I don't advise using this method as it is the most insecure way to do this.

forth option is to use suid bit on the script. *** this is a major security risk ***

Here is an example of something I've set up to allow users to burn iso to cd/dvd media.

I created a wrapper script for cdrecord called /usr/bin/burniso containing the following:

#!/bin/sh

sudo cdrecord -v dev=8,0,0 -dao driveropts=burnfree "$@"

Then, I added the following lines to my /etc/sudoers file:

mylogin ALL=NOPASSWD: /usr/bin/cdrecord

%users ALL = /usr/bin/cdrecord

What this does is allow me to run cdrecord without password but when any other user runs it, they have to type in their own password.

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.