Changing a users shell with a script? - linux

Is there a proper way to change a user's shell variable with a script depending on what shell they use? Such as
GITSHELL=/bin/bash
if [ GITSHELL = $SHELL ]
then
chsh git -s /usr/bin/git-shell
else
chsh git -s /bin/bash
Obviously there is some problems with this. I'm not sure how to word this so i can
A: Run it as root and still call the user git's shell instead of root's using su in the statement somewhere or
B: Run it as git and su -c root to change git's shell after the initial if?
The goal is to have a script i can run to change the user git's shell to bash when i need that user to temporarily have to ability to create folders and run git init --bare. And then i would run the script again to change the shell back to git-bash for security reasons.
Is this possible or should i go about this a different way?

Let the user make that decision, controlled via an environment variable. Just write your script like this:
: ${GITSHELL:=/usr/bin/git-shell}
git -s "$GITSHELL"
Now, your script will use /usr/bin/git-shell unless explicitly overriden:
$ ./script.sh # use /usr/bin/git-shell
$ GITSHELL=/bin/bash ./script.sh # use /bin/bash

Related

ssh sudo to a different user execute commands on remote Linux server

We have a password less authentication between the server for root user, I am trying to run the alias on remote server as below
#ssh remoteserver runuser -l wasadmin wasstart
But it is not working. Any suggestions or any other method to achieve it
Based on your comments as you need to sudo to wasadmin in order to run wasadmin, you can try this:
ssh remoteserver 'echo /path/to/wasadmin wasstart | sudo su - wasadmin'
For add an alias in linux you must run
alias youcommandname=‘command’
Notice:
This will work until you close or exit from current shell . To fix this issue just add this to you .bash_profile and run source .bash_profile
Also your profile file name depending on which shell you using . bash , zsh ,...

How to sudo run a local script over ssh

I try to sudo run a local script over ssh,
ssh $HOST < script.sh
and I tried
ssh -t $HOST "sudo -s && bash" < script.sh
Actually, I searched a lot in google, find some similar questions, however, I don't find a solution which can sudo run a local script.
Reading the error message of
$ ssh -t $HOST "sudo -s && bash" < script.sh
Pseudo-terminal will not be allocated because stdin is not a terminal.
makes it pretty clear what's going wrong here.
You can't use the ssh parameter -t (which sudo needs to ask for a password) whilst redirecting your script to bash's stdin of your remote session.
If it is acceptable for you, you could transfer the local script via scp to your remote machine and then execute the script without the need of I/O redirection:
scp script.sh $HOST:/tmp/ && ssh -t $HOST "sudo -s bash /tmp/script.sh"
Another way to fix your issue is to use sudo in non-interactive mode -n but for this you need to set NOPASSWD within the remote machine's sudoers file for the executing user. Then you can use
ssh $HOST "sudo -n -s bash" < script.sh
To make Edward Itrich's answer more scalable and geared towards frequent use, you can set up a system where you only run a one line script that can be quickly ported to any host, file or command in the following manner:
Create a script in your Scripts directory if you have one by changing the name you want the script to be (I use this format frequently to change 1 word for my script name and create the file, set permissions and open for editing):
newscript="runlocalscriptonremotehost.sh"
touch $newscript && chmod +x $newscript && nano $newscript
In nano fill out the script as follows placing the directory and name information of the script you want to run remotely in the variable lines of runlocalscriptonremotehost.sh(only need to edit lines 1-3):
HOSTtoCONTROL="sudoadmin#192.168.0.254"
PATHtoSCRIPT="/home/username/Scripts/"
SCRIPTname="scripttorunremotely.sh"
scp $PATHtoSCRIPT$SCRIPTname $HOSTtoCONTROL:/tmp/ && ssh -t $HOSTtoCONTROL "sudo -s bash /tmp/$SCRIPTname"
Then just run:
sh ./runlocalscriptonremotehost.sh
Keep runlocalscriptonremotehost.sh open in a tabbed text editor for quick updating, go ahead and create a bash alias for the script and you have yourself an app-ified version of this frequently used operation.
First of all divide your objective in 2 parts. 1) ssh to the host. 2) run the command you want as sudo. After you are certain that you can 1) access the host and 2) have sudo privileges then you can combine the two commands with &&. What x_cmd && y_cmd does is that the y_cmd gets executed after x_cmd has exited successfully.

shell scripting that uses sudo su - team and perform rest command under this sudo access only

#!/bin/bash
sudo su - team //// this will change user to team
<somecommnand>
here i have some command like sqlplus that run under this privilege only .
but ,this script first asked for password then i give password but it not run rest of command like .
How to write script that use sudo su and run all command in script below it.
You have several options.
You can just move the sudo command outside of your script, and have people call it like this:
sudo -u team /path/to/your/script
You can put the sudo command in one script and the actual commands you want to run with elevated privileges in another script. That is, people run your_script, which looks like:
#!/bin/sh
sudo -u team /path/to/your_script.real
And your_script.real contains the commands that you want to run with elevated privileges.
If you really want everything in the same script and you don't mind being a little too clever, you can have the script check re-execute itself using sudo like this:
#!/bin/sh
TEAM_UID=500 # replace with correct uid
if [ "$UID" != $TEAM_UID ]; then
exec sudo -u team $0
fi
And you can also feed commands to a shell from stdin, like this:
#!/bin/sh
sudo su - team <<'EOF'
echo my uid is $UID
EOF
You could try having all of the commands on the same line and seperate them with ';'.
eg. 'sudo su; somecommand; another command'
Could also run that script as the intended user.

How to run command in su mode in bash script?

I need to run these two commands :
ulimit -s 1024
echo 120000 > /proc/sys/kernel/threads-max
The first one can be run just in user mode (not using sudo or su) and the second can only be run in su mode. I want to write a bash script that let me run these two commands. The first one is OK. For the second one, I need to su (change user to root), run the command, and then exit. Actually, I want to run the second command in su mode using a bash script. Any idea?
If your user has permission to use "sudo tee", then one solution is:
echo 120000 | sudo tee /proc/sys/kernel/threads-max
As a security measure, you cannot run scripts as a superuser without prepending sudo. If you want it to be passwordless, you need to run visudo and allow your (or the executing user) to run this command as a superuser without password confirmation.
The other way is to use the setuid bit on compiled code. Compile a simple program which will execute the echo 120000 > /proc/..., then change it to be owned by root: chown 0:0 executable_name, and chmod u+s executable_name to set the setuid bit on it. This will cause execution of this program to be ran with permissions of its owner, which is root.
This is the same way which allows passwd to modify a file which requires super-user privileges without actually being a super-user or sudoer.

Owner of incrond file products?

Please [1] consider this command: sudo incrontab ~/incron-config where ~/incron-config contains:
/home/zetah/doc IN_CREATE,IN_MOVED_TO /home/zetah/scripts/do_something.sh $#/$#
and do_something.sh consists of [2]:
#! /bin/bash
python /home/zetah/scripts/py_something.py "$1"
Python script accesses some online services and produces 3 new files. They are owned by root.
Why is that and how can I change this behavior. I want to be the owner of those product files
Thanks
[1] Posted on Ask Ubuntu previous - thought to try my chances here, will interlink in any result
[2] Seems lame to wrap Python script in Bash script, but I couldn't do it otherwise
created files are owned by root probably because you run incrontab as root and then python inherit from it through bash
You can run incrontab from your own user, simply add your username in /etc/incron.allow (to allow you to use incron) and then recreate the incron table with your account with "incrontab -e" (don't forget to remove the entry from root)
Second option (if you can't modify incron.allow) is to call python with your username.
In your bash script, modify :
python /home/zetah/scripts/py_something.py "$1"
in
su <username> -c"python /home/zetah/scripts/py_something.py '$1'"
Hope it's help
ericc

Resources