I have 2 users: usr1 and usr2. Neither is a root user.
usr1 starts a bash script. And from the script, I want to run some commands as usr2.
I understand that the way to do it is:
su -l <usr2> -c "command"
The issue is with passing the password. These are 2 different users with different privileges, so, skipping the password for usr2 is not an option.
This script can go interactive, and ask the user for the password. Is there a way to do this in bash script ?
Note: I am not an expert with scripting. And I have done some research before asking this question, but I couldnt find a suitable answer.
You can try using the read read man page command see example below:
#!/bin/bash
read -s -p "Enter your password: " pass
echo $pass
In that case you will need to use /bin/su -c along with sudo -S
#!/bin/bash
user=$1
read -s -p "Enter pass: " pass
cmd=$(echo $pass|sudo -S <some-command>)
su -c '$cmd' - $user
Where user=$1 additional bash argument, in this case the user id for usr2, then jut run it
$sudo bash -x ./password.sh <target-user>
Related
I am using SSH command to execute the bash scripts remotely:
ssh user#server 'bash -s' < $script_dir/script.sh
And inside the script.sh, I will have the command like below:
ssh-keygen -t rsa
ssh-copy-id postgres#$sqlserver
ssh postgres#$sqlserver -C true
And also
printf "Creating user in postgresql server...\n"
createuser -s -P username
Which need user's input, but I found when I execute the command from the remote server, it will skip getting the users' input and failed.
Another one is:
printf "Please enter your barman server name: \n" ; read -s barmanserver
Which cannot read user's input neither
I know that the script seems cannot read the other terminal's input, but can anyone help me find a solution if I need the user input to continue?
Thanks a lot!!
Eva
I have used something like this in the past. I am not quite sure why I installed sshpass though.
apt-get install sshpass -y
echo "Adding users to new VMs"
adduser adminuser
echo "changing user password"
echo "adminuser:password" | chpasswd
adduser adminuser sudo
It does work, but it gives you some warning.
I am logged on as user JSmith.
As this user, I run a csh script which runs a series of executables.
However, one of these executables needs to be run with the user HJones.
After that, the other executables should be run with user JSmith.
Note that JSmith is not the root user and that HJones has a password, which is "abcd".
How do I change the user to HJones during the run of the script, run my executable, and then change back to JSmith.
Here's some code in the file run_execs.sh, which I run with user JSmith.
#!/bin/csh -f
cd $EXEC_DIRECTORY
./doJSmithThis
./doJSmithThat
sudo -u HJones ??
./doHJonesStuff
sudo -u JSmith ??
./doJSmithAnother
./doJSmithMoreStuff
etc
su -c './doHJonesStuff' - HJones will run the script doHJonesStuff as HJones, it will not affect your other commands.
#!/bin/csh -f
cd $EXEC_DIRECTORY
./doJSmithThis
./doJSmithThat
su -c './doHJonesStuff' - HJones
./doJSmithAnother
./doJSmithMoreStuff
If you want the csh script to supply the password:
( sleep 1 ; echo abcd ) | socat -,ignoreeof EXEC:'su -c ./doHJonesStuff HJones',pty
(The sleep 1 is there because su would discard a password that arrived before the prompt.)
This is the first time it has happened to me where I am using the su command and it actually displays the password on the terminal and doesn't stay hidden. Here is my code snippet:
sshpass -p "password" ssh -q username#74.11.11.11 "su -lc 'mkdir temp/'"
Code explanation: I am accessing a remote server and trying be root on that server to create a folder. In doing so I have to use the su command and it prompts me for the password. When I enter the password, it gets displayed and doesn't stay hidden. How do I fix that?
The solution is to allocate a pseudo TTY (using the -t option on ssh):
sshpass -p "password" ssh -t -q username#74.11.11.11 "su -lc 'mkdir temp/'"
Without this, there's no "terminal" in this context and su is unable to disable echo of the password.
Just like I replied to you here.
It's possible to keep it "hidden" from the command line:
Edit your /etc/profile and paste there:
export SSHPASS='my_pass_here'
Use the -e argument with sshpass command
$ sshpass -e ssh usernmane#hosting.example 'ls -ll'
Another option is to save your password in a different file and use the -f argument:
$ sshpass -f password_filename ssh usernmane#hosting.example 'ls -la'
But the best solution is to follow the #Hristo Mohamed suggestion:
In general please AVOID using sshpass with a password.
You can set up easily a generate ssh key just to do this job and then remove it.
I have this:
su $username -c ./script.sh
The problem is that within script I have 'sudo' commands and they says me
sudo: no tty present and no askpass program specified
How to do this right?
UPD: I need both sudo and su. What I need to do is run script as USER $username and be able to run certain commands within script as root (for example, pacman -S)
SOLUTION: I've added NOPASSWD option to /etc/sudoers before running script and delete this entry using sed after script finished.
First set chmod +x to your scripts
try:
#!/bin/bash
echo "hello"
su - <your-user> -c /path/to/script.sh
echo "good bye"
UPDATE:
You should find a way to force bash to use pseudo-tty
Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.
If the user is not as sudoers do the following steps:
This is what you need to do in /etc/sudoers:
# User privilege specification
root ALL=(ALL:ALL) ALL
newuser ALL=(ALL:ALL) ALL
you have also ways to do:
you can pipe password if it has password:
echo "yourpassword" | sudo -S
OR
You can run the following script:
#!/usr/bin/expect -f
spawn sudo -s <<EOF
expect "assword for username:"
send -- "user-password\r"
expect eof
Also you can do that:
sudo -kS bash - << EOF
password
whoami
echo "Not a good idea to have a password encoded in plain text"
EOF
As I am trying to learn bash shell, I want to have some idea how can I add or modify the user in Bash Shell script?
Quick Ex:
Adding an user:
createuser.sh
#!/bin/sh
user=$1 #first argument
apache="www-data"
passuser=$2 # second argument
newpasswd=$(perl -e 'print crypt($ARGV[0], "S#LtStR!Ng")' $passuser)
createuser='/usr/sbin/useradd' # PATH to `useradd` package
##create and update password, then assign the apache group to the user
$createuser -d /home/$user -g $apache -m -s /bin/bash -p $newpasswd $user
Calling:
root#ip-ad-2as2-ds:#./createuser.sh test test1234
This way you can control the modify-user script, just change the createuser variable to have the proper modify-user (usermod) package.
Use adduser(8).