I have this script in which a user can change its password using passwd transparently. The script itself is executed by root, launching it with
su - <user> -c "script"
I know it might not be very safe a way to launch the script but that is how it is and I have no lattitude to change that part.
My problem is that when called, passwd displays the following:
Changing password for user <user>.
Changing password for <user>
current (UNIX) password:
New UNIX password:
Retype new UNIX password:
Several things to note here:
Why does it even begin with two lines ? It seems the first is displayed when root calls passwd for and the second when calls passwd on himself. Can it be the start of an explanation ?
I need to filter some words out of those prompts. I thought of using a combination of greps and seds piped one after the other but here is the trick: the two first lines seem to be outputed to stdout, but the others to stderr. When I try to redirect stderr to stdout to treat it, nothing gets displayed anymore.
Has anyone got any answer or tips regarding this situation ? Thanks a lot.
(First question here so do not hesitate to ask for more info.)
Try keying:
su - vartaghan -c passwd
onto the command line and then contrast that with keying:
passwd
onto the command line.
The answer is right there. Because you are using su to implement the command it requires the password to be keyed in and then the passwd command becomes active, which requires the password all over again.
Your best option would be to change the way that the menu which runs for your users, starts this password changing shell, by simply issuing the passwd command.
Edit:
If you want to get rid of the I/O use something like:
(echo $1; echo $2; echo $2) | passwd &>/dev/null
Which requires that you run the script as myscript oldpassword newpassword
Related
I'm writing a test script in python where I use subprocess to run various terminal commands and check the result. One of the things I want to check is if the user "games" doesn't have a shell. I don't want to log in as games(which I think is impossible anyway), but have the ability to run this command as root. Is there any single bash command I can use to check what shells another user has(or doesn't have)?
I'm able to use the command "cat /etc/shells/" to check what shells I have available, I wanted to use this to search another user but I'm not sure how to do it, if it's even possible.
You may use "su", and check the return code:
root#shinwey:# su games
This account is currently not available.
root#pifa:/home/kalou/t# echo $?
1
or print the string "NO_SHELL":
root#shinwey:# su games 2>&1 > /dev/null || echo NO_SHELL
NO_SHELL
I'm trying to create a user using shell script.
Here's what I tried:
password="tes7"
username="tes7"
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p "$pass" "$username"
That script should work, but the problem is, when i login from ssh, there is no detail at the first text, just $.
but if I do it manually like this, not with shell.
adduser username
Adding user `username' ...
Adding new group `username' (1001) ...
Adding new user `username' (1001) with group `username' ...
Creating home directory `/home/username' ...
Copying files from `/etc/skel' ...
New password: fill this in manually
Retype new password: fill this in manually
When I login with ssh, I have a normal first prompt tes5#ns-jazuly:~$.
If you do not know in witch shell you are you can always check it with
echo $SHELL
/bin/bash
In bash(/bin/bash) the Prompt can be set changing the system variable PS1. Default this variable is:
echo $PS1
${debian_chroot:+($debian_chroot)}\u#\h:\w\$
you can change it for example to:
PS1='whatever'
But you can set it to whatever you like. If you feel cheeky you can also use ANSI/VT100 Control sequences.
In sh(/bin/sh) as you probably fear you can check it the prompt in the same way (I did that as root)
echo $PS1
#
as user you get $
I am writing a wrapper shell script wrapper.sh to run bunch of other already available scripts owned by other people and I cannot touch those scripts.
The problem is, there is one script that runs some db specific activities - db_perf_clean.sh. That script is normally executed manually and it prompts for a password at run time. There is no way I can supply the password to it as a parameter and I cannot modify that script. As such I know the db password and I can provide it in wrapper.sh.
Please let me know how can I run that db_perf_clean.sh script inside wrapper.sh like in a silent mode.
Sometimes a script will insist that a password be read from the tty. Often, it will read from stdin. If so, try:
echo password | db_perf_clean.sh
The above has the disadvantage that the password will appear in ps. To avoid that, hide the password in a file and use that file for stdin:
db_perf_clean.sh <file_with_password
If you want the command to be silent, you can throwaway its output:
db_perf_clean.sh <file_with_password >/dev/null 2>&1
Under bash, as opposed to generic shell, that can be slightly simplified:
db_perf_clean.sh <file_with_password &>/dev/null
I found out little different approach instead of writing a password in a file and that worked too ->
db_pass="somevalue"
sh db_perf_clean.sh<<EOM
$db_pass
EOM
I am trying to get the shell of all the users currently logged in a linux machine, whether it is a login shell or a non login shell.
I know how to get this for my self, but how to do it for all the users logged in on the machine...
If you want to see something about other users, I am assuming you have root privileges on this box. Otherwise your question is moot from the start.
If you have root, you can run ps -ef|grep $USERNAME and compare the process names to the shells in /etc/shells. Each user will have one under normal circumstances. But if someone is launching bash inside ksh or some other shell combination, that is another issue.
Or if you just want to know what is the default shell of the other users, this command can help:
cat /etc/passwd | awk -F ":" '{print $7}'
Maybe, if you can tell us why it is important for you to know what shell each user is running, you can get better answers
I'm sure this question has been answered before, but I can't find an answer that I like. I would like to write a shell script that executes a very specific script as another user (I want anyone to be able to start postgres as the postgres user). The script will have 710 perms so it will be executable by a certain group but not readable or writable by that group.
Now, I'm pretty sure there's no way to use 'su' without an interactive password prompt. There are lots of good reasons for that and I don't need to be convinced of the merit of those reasons (I'm told that someone savvier than me could grab the password off the processes list which is bad).
Question is, more generally how would I accomplish what I want to do without abusing unix security paradigms? Is there a way to allow user to execute a very specific process as another user?
This sort of situation is exactly what sudo was designed for.
You can create an executable (not a shell script) that launches the script that should run as the postgres user. Change the owner of the executable to the postgres user, and set the setuid bit.
See Best practice to run Linux service as a different user to address Celada's concern.
Well, you could use a simple script to access programmatically to an user using sudo and then execute all code you want.
Here is a simple script:
if [ "$#" -ne 2 ]; then
echo "Usage: "
echo " suprompt <user> <password>"
else
echo $2 | sudo -sS su $1
sudo su $1
fi
This script uses two arguments. The first one is the user you want to be, and the second arg is the password.
It works automatically.
You can change the final statement and do: sudo su $1 -c <command>
I hope this will work for you.