I have django server installed under ownership of user say 'X'. Now I want to switch to user 'Y' and execute some scripts. Currently for changing user I am using sudo su "Y" -c "commands to execute" . I have added user "X" in sudoers file so that now it does not ask for a password.
Is there any way to do it without sudo.I have already tried it by editing /etc/pam.d/su file so that it does not ask for password when user X runs "su Y" without sudo.
Is there any other way in which this can be achieved?
You can use setuid bit for script, I think.
chmod a+u your_script_to_execute
will do the trick. Then any user will launch this script with priviligies of it's owner
You can read more at https://linuxconfig.org/how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits
Related
I have a small elif script that has 4 options. I will need to make a user that has permissions to run just that script on login and when it finishes with the script to log him out.
I am trying to do it trough /etc/passwd like this:
user:x:1003:1003::/home/user:script.sh
When already connected with root and then "su" to user, it executes the script.
The issue is that the user cant connect trough putty and execute the script, which is the goal of what i am trying to do.
Any advise is welcome and appreciated.
Cheers,
Try giving the full path to script.sh in passwd. Even if this file is in the $PATH when you su to the user, it isn't necessarily in the $PATH in an SSH session. The SSH session might provide an environment that is different in other ways, too.
Try a normal user with adduser and then edit two files in his home...
# .profile
logout
...and...
# .bash_logout
clear
When this user logs in ( with ssh/PuTTY ) then .profile logs him out and .bash_logout is executed too. So you can decide to do something at login or logout or twice.
Currently I'm working on a perl script (for Debian based OS'es) that automatically installs some software packages. Therefore the script needs root privileges. As you all know this can be done by adding sudo before the command.
For some configurations however, the terminal user may not be the root. So my question is, how can I decrease the privileges and return to the user that opened the terminal.
I already tried the following code, but it closes the terminal and thats not what I want.
$result = `exit`;
When you're root, you can use sudo -u user cmd... to run a command as user. Since you're already root, it won't ask for a password.
Basically I want to change directory but to another users account how do I do this is it possible?
Use su, then the command to run as the user:
$ su otheruser
$ cd /home/otheruser
You can switch user and get a shell with the command su < username >, you must know the password for that user though. If you want to execute a single command instead of having a full shell add that command with the -c switch. Man pages here
I would like my root-requiring bash script to be run from IntelliJ/WebStorm, asking me for the root password when I run it. Having my root password hardcoded in the script is a bad idea of course.
IntelliJ/WebStorm actually has a $Prompt$ macro for reasons like this, which prompts you and uses your input as a value.
So I tried using $Prompt$ along with echo YOURPASSWORD | sudo -S yourcommand as described in use-sudo-with-password-as-parameter.
Then I pass passwd & script to run to a sudorun.sh script echo -e $1 | sudo -S $2 $3 $4 (since echo can't be be the 'program' line) which although works on the CLI, it fails to read echo-stdin on the IntelliJ console.
Ideally, I would like the solution to be configured solely from within IntelliJ and not require specific OS configuration changes outside of IntelliJ.
Perhaps there are other ways to deal with this, so lets improvise!
I, too, faced the same issue, but I work with sensitive data on my development machine and removing the password requirement for sudoers just isn't an option.
I was able to resolve this issue by launching the actual WebStorm application from the command line using the sudo command as follows:
sudo /Applications/WebStorm.app/Contents/MacOS/webide
Once WebStorm/PhpStorm are launched this way, you can run a script with root access without supplying root credentials.
Use the NOPASSWD feature of sudo. Add a rule like so to sudoers (via visudo or similar):
someuser ALL = NOPASSWD: /usr/bin/interesting_program
%somegroup ALL = NOPASSWD: /usr/bin/interesting_program
I find myself automating a lot of my workflow, and running into the same issue. I don't want to punch a hole in my sudoer permissions, and I don't want to run my IDE as root either. A good solution that I've found is gksudo, on Ubuntu and many other Linux variants you'll find it installed by default. What gksudo does is it allows you to prompt the user(yourself) to input your password with a graphic overlay, much like Ubuntu/KDE/etc. do when you need to be root to perform an operation such as an update.
This will then prompt you to provide your password to escalate privilege, then execute a given command/program as root.
In the Edit Tool Window simply:
Set the Program to /usr/bin/gksudo
gksudo may be located at a different path, try: whereis gksudo to find its path
Set Parameters to all commands you want to execute in quotes
Ex. "mongod --fork --config /etc/mongodb.conf; service elasticsearch start"
Make sure you have the quotes!
Set a working directory(if needed)
I'm sure this question has been answered before, but I can't find an answer that I like. I would like to write a shell script that executes a very specific script as another user (I want anyone to be able to start postgres as the postgres user). The script will have 710 perms so it will be executable by a certain group but not readable or writable by that group.
Now, I'm pretty sure there's no way to use 'su' without an interactive password prompt. There are lots of good reasons for that and I don't need to be convinced of the merit of those reasons (I'm told that someone savvier than me could grab the password off the processes list which is bad).
Question is, more generally how would I accomplish what I want to do without abusing unix security paradigms? Is there a way to allow user to execute a very specific process as another user?
This sort of situation is exactly what sudo was designed for.
You can create an executable (not a shell script) that launches the script that should run as the postgres user. Change the owner of the executable to the postgres user, and set the setuid bit.
See Best practice to run Linux service as a different user to address Celada's concern.
Well, you could use a simple script to access programmatically to an user using sudo and then execute all code you want.
Here is a simple script:
if [ "$#" -ne 2 ]; then
echo "Usage: "
echo " suprompt <user> <password>"
else
echo $2 | sudo -sS su $1
sudo su $1
fi
This script uses two arguments. The first one is the user you want to be, and the second arg is the password.
It works automatically.
You can change the final statement and do: sudo su $1 -c <command>
I hope this will work for you.