I have a script in a user /home directory and I want to execute this script with an other user.
The script is in UserA home :
/home/UserA/command/command.sh
I want to execute this script with /home/UserB
What I did and wanted to know if there is an easier way to do it , is :
I gave the right to write and execute on this directory to other (chmod 703): /home/UserA/command
Is there a way to give the right only to UserB instead of other ?
In /home/UserB/.bash_profile , I added in the path /home/UserA/command
Another problem, I have, is that in the script command.sh, I use a variable $LISTPATH ($HOME/List) and this variable is defined in the UserA .bash_profile.
So when I start the script from /home/UserB, this variable is always empty.
Do I need to also add this variable in the .bash_profile of UserB:
$LISTPATH=/home/UserA/List
Thanks for your help
What a mess!
In my opinion:
You can create a group which UserB belongs to so you can assign this group to /home/userA/command and set right permission (such as chmod 730 /home/userA/command).
You better put the variable $LISTPATH on the top of your script.
Anyway, I think you better reorganize your project, you better put the script in /opt/< some subfolder>... instead of /home/userA/command.
Related
I have a question about touching a path in a shell script. I'm making a script that clears some directories and add some files, now I'm trying to do this with touch /name/of/path instead of a find. I have some troubles with one of the paths this is becaus the last bit of the name changes in every file (the files are about working orders) now I tried some stuff like a variable or just the path with a * but it gives me an error
can anyone tell me if i need to change my variable for example.
the variable im currently using:
test='path/to/touch/annoy\ ing\ space*/'
and in my code I would like to execute this like
touch $test/test.txt
the error I get when running this is
touch: invalid option --'\'
I guess i get this option because there are \ in the varriabe but that is because there are spaces in the directory name I'm trying to enter.
I also tried something like this
touch path/to/touch/annoy\ ing\ space*/test.txt
but I also get an error when I try it like this, I read this is because I use a wildcard in touch and that isn't allowed. Can anyone confirm this?
If someone could give me an example or tip how to do this it would realy help me out. thanks in advance
Whats going on so for my unix/linux class the teacher wants us to create a create_assignment executable to use for all of our work or he takes off points. I have been trying for a week now and asked the teacher twice and it hasn't helped at all. so when I type ./create_assignment assignment3 it is suppose to make assignment 3 with a header I know I'm suppose to use chmod +x create_assignment to make it executable. I got it to make a create_assignment executable one time but it wouldnt do anything so I need to be shown how to make it executable and make it create the new assignment, I can post pictures if needed.
I am guessing you tried chmod u+x to make it executable?
Please share the code of your script. Have you checked file permissions? What user is running the job, and does that user own the destination folder/file?
I have a unix command 'abc' which gives me an output
This abc lies on my server.
But when i run this command from server, i want to restrict the output of it to be seen by people.
By the above statement , i meant..
For eg. If i say:
ls dirname
I can see the output of the above command on the console.
So, if the command is run from command-line, i dont want to have echoed on the console. I cant use /dev/null as I am using the same command from my program where I need the output to be assigned to a variable and then use it further in my application.
However, I want to get the output of this command when I call this from my program.
How can I differentiate the call in this regard.
The command whoami gives you the current logged user, and the command last -i outputs information of the last logged users in the system, including the IP address (3rd column) and the timestamp or a string stating that the user is stil logged in.
With that in mind you could pipe these commands:
last -i | grep $(whoami) | grep 'still logged in'
which will provide an output like this:
(username) pts/2 0.0.0.0 Wed Dec 23 18:58 still logged in
(username) :0 0.0.0.0 Wed Dec 23 11:13 still logged in
so if you are running a shell in the same host, the IP will be 0.0.0.0 and different otherwise. You can extract the IP string by piping awk at the end of the command.
However, addhering to the philosophy in unix systems of Do One Thing and Do It Well, I'd suggest a different approach, split your command into 2 different commands:
A command to be used by the clients, where the output is whatever you
want the clients to see
Another command (offering 2 options, since there isnt much detail in the question):
Either extending the first command, adding the additional output, and using this one from your application
Or just generating the additional output, and using a combination of the 2 commands from your application
Some of the benefits you can get by following this approach:
Performing checks to verify where the command was issued from, is no longer necessary
Avoid coupling issues
Easier to maintain
Updated: added the means to extract the IP of the current user at the beggining of the answer.
You were a little vague on the complete setup, so I'll have to infer a few things. Since you mentioned, "my" server, I assume you can set permissions on files, change ownership on files, etc (e.g. you can become root).
I also have to infer that the target abc program just produces some output and doesn't need to modify any files to speak of [other than (e.g.) /tmp/temp.$$]
As an example, let's do this from your home directory. Move the program abc to $HOME/private_bin and set the directory permission to 700 which means that only you can execute it.
Create a second directory: $HOME/public_bin that has normal permissions. Create a "launcher" program [let's call it abcpub] and put it in this directory. Set the permissions of abcpub to 4741. It's now a setuid program. Note that any non-root user may do this for files they own. It is not like creating a sudo because an ordinary user would need to do chown root ...
Now we're set ...
You can access the real abc program anytime you want. Others have no direct access to abc.
The launcher abcpub will allow others to have access to abc, but the launcher can apply whatever restrictions you desire: including no access, output to /dev/null, etc. abcpub can look at getuid and geteuid to determine who is executing it [you or somebody else]
We did the above example using your own uid and home directory. But, we can repeat the process by creating an "abc" user in /etc/passwd and a /home/abc. The abc user could be set up with a shell of /sbin/nologin. Thus, it's similar to nobody and it can't hurt anything.
It may be even better doing this by creating a setgrp program instead of setuid as that allows better comingling. The original user could retain their user permissions but still get access via the new group.
Also, it may be possible to configure sudo to get what you want.
I was wondering if it was possible to override the SKEL property when adding a user in Linux.
Man page gives me everything to change dynamically any property (SHELL, HOME, ...) but not SKEL.
What I want to do is find a way to assign one profile or another to the users I'm creating.
For instance, I need to create a user with a .profile in which VAR=value1, and another user with a .profile in which VAR=value2. My idea was to create different SKEL, one for those who need VAR=value1, another for those needing VAR=value2, and simply execute adduser ... -D -magic_option /SKEL/for/value1 or adduser ... -D -magic_option /SKEL/for/value2. But -magic_option doesn't seem to exist.
Any suggestion?
Of course, just use the -k option in useradd:
-k, --skel SKEL_DIR
The skeleton directory, which contains files and directories to be
copied in the user's home directory, when the home directory is
created by useradd.
This option is only valid if the -m (or --create-home) option is
specified.
If this option is not set, the skeleton directory is defined by the
SKEL variable in /etc/default/useradd or, by default, /etc/skel.
If possible, the ACLs and extended attributes are copied.
So you can create your /my/skel_for_users and /my/other_skel_for_users and use either of them whenever creating one.
I've created a new whoami command which requires a fake username and have put it in the PATH by adding it to ~/.profile . It is created in a way that whoami is called before actual the actual whoami from Linux.
The main reason to do this is because I am remote accessing a Hadoop cluster and want the copied files to be under the fake username.
This works fine when I call whoami in the shell and even calling $PATH shows the path to my created whoami before everything else. But for some reason, when Hadoop is called, it doesn't pick the created `whoami'.
Can someone help me with how to fix this?
thanks
Most applications do not use whoami to determine a user's username or group. For instance, in bash you can use the command id to find more detailed information about yourself or id [username] (such as id root) to find out more detailed information about other users. Groups can be found with groups as well. Also, different programming languages, such as C, have their own methods of determining user identities such as the getuid() command.
If you really "need" to go as far as faking your user account, you'll need to go down to OS level and create hooks into the kernel/API that handles those methods.
Is it possible that you simply chown the files after they are copied instead?
UPDATE:
It appears that some releases of Hadoop do actually use whoami (my own implementation w/ clustering does not).
In this event, the best (a term loosely used) suggestion would be to move the legitimate whoami executable and create a whoami shell script that goes in it's place. The custom script should validate the current user and if it's "hadoop", return whatever faked username you want - otherwise return valid output. Igor's answer would work in this case.
I suppose that hadoop uses other PATH variable then you have in your shell.
You can tune its PATH and add the directory with fake whoami to its beginning.
When it is impossible,
you can write a small wrapper for whoami (I'm not sure that it is a good idea but you can do this if you want) that will run original whoami except when the script is executed by hadoop:
#!/bin/sh
WHOAMI=/bin/whoami.orig
if [ "$($WHOAMI)" = hadoop ]
then
echo fake
else
exec $WHOAMI "$#"
fi