I have been trying to automate a process of rsyncing many user directories from one host to another. I have set up an SSH key pair so that the user can go straight from server A to server B without a password prompt. The problem is that when I run the command as root, instead of it cycling through each user account and syncing only the data in that specific user directory it performs a sync from the root level directory of all of the users thus creating the root directory structure and all of the child directories inside each user directory!
The command I am running is:
(As root):
#!/bin/bash
for user in $(</root/scripts/users.txt)
do
su - $user -c "chmod 600 .ssh/*;rsync -avvh --stats --delete --exclude ".*/" --exclude=".*" . remotehost:."
done
If I run the command as root on the command line (i.e. su to the username and then perform the commands inside the quotes it works fine. If I run the command as root and change the command inside the quotes to just ask for the path it should be it shows that users home directory so I am lost as to why this is not just changing to that specific user, syncing the data in that users home directory with the remote host and then moving on to the next user.
Help!?!
Related
As a web developer I always have the problem when updating PHP (and other) files from an SSH client, because I am logged in as a user or simply root.
After that update I always have to run manually from a terminal 'chown -R apache:apache *' to make the files accessible.
I tried to make a user ID and add it to the group 'apache' and add the apache user to the group of my user id. That works only for existing files on the server file system, because newly created files have permissions rwxr--r-- which does not allow writing by my user even as it is in the 'apache' group.
I'd like to make a login (shell is not needed) for the Apache user, so I can use an SSH based file browser like Forklift to login as Apache or use sshfs to mount as Apache user.
Another way is make umask that my user id always sets attributes of newly created files from sshfs mount or a file browser (mounted with my user id, not root) that they have permission rwxrwxr-- (i.e. 0775) by default.
Is there a way I can upload files to the server (updating existing op create new ones) without having to worry about permissions by Apache ?
You have to set the setgid
For example, do the following steps:
adduser hugo
addgroup apache
usermod -a -G apache hugo
mkdir /tmp/example
chown hugo:apache /tmp/example
chmod g+s /tmp/example
su hugo
cd /tmp/example
touch my_file
ls -l
I am trying to copy files/directories from one user to another user in a same machine via jenkins.
Suppose there is one file abc.txt in a directory(say /tmp/dist) where user1 has sudo access. I need to copy that file to the directory of (/opt/user2/temp) via jenkins.
I executed these commands in interactive shells after logging in to the server.
sudo -u user2 -s cp /tmp/dist/* /opt/user2/temp
This asks for password prompt and abruptly comes out of terminal and terminates the job.
I also checked if i can remove password prompt by adding password details in /etc/sudoers but to no avail.
sudo visudo
I also tried scp to the destination folder directly but that also was not fruitful.
Tried ssh as well
ssh -t user2#hostname 'sudo -u user2 -s cp /tmp/dist/* user2#hostname:/opt/user2/temp'
edit 1:
Tried changing the owner of the group to the destination folder but it asks for password prompt again.
sudo chown -R user2 /tmp/dist
I expect directory copy from to another folder provided it doesnt asks for password prompt.
Also,I don t have access or can modify /etc/sudoers.
We are using sudo users with limited commands to execute and assigned default home directory /home/sudouser but if that particular sudo user is running command cd \ its changing the directory to the main root directory /. This behaviour is totally insecure for us.
We need it such that if the sudo user is entering cd / or cd it changes directory to their home directory /home/sudouser
Please let us know how we can implement this?
Don't ever try to restrict a sudo user to only a directory or a command, a sudo user can by definition do what he wants.
In your case, having a script that assigns the home directory is I think a better idea. To solve the trouble of permissions look for the suid bit in permissions: http://www.linuxnix.com/suid-set-suid-linuxunix/
For example: create a sh file that has the following permissions: "-rwsr--r--" that is owned by root and as a group that can be accessed by the user whom you want to use the script.
Then in the file you create a simple script to execute the command to change default directory with let's say two parameters (username and directory)
I want to execute command, file (any file with extension *.sh) from another user except not root user .
I want to provide the file such properly that the another user can execute this file as root user without password.
use sudo command befor any command if you want acting as a root
sudo mkdir dirname
or give full permision to file like it
chmod 777 filename
I am having a cent-OS server with 5 accounts: developer, user1 ,user2 ,user3 and user4. All the user home directories are under /home like /home/developer, /home/user1, /home/user2, /home/user3 and /home/user4. I want to create a 4 scripts: user1.sh, user2.sh, user3.sh and user4.sh inside the /home/developer folder. When the user developer run the script user1.sh, he switches to the user1 and cd to the home directory of user1 (/home/user1) and so on for the remaining scripts. The idea behind is to keep the developer from the root access and allow switch to other user's home directory by simple executing a command with that user's name. Is it possible?
I suppose you're looking at su - otherUser
Of course, you'll have to provide the password of the other user.
I suppose that something like sudo su - otherUser could work but I haven't tried