I need to run a command under su and sudo at the same time and redirect the output.
To do it manually the command I use is:
sudo su - user1
and then run the command I need from the prompt.
I've worked out the syntax to pipe the command I need into su:
su - user1 -c "more .ssh/authorized_keys" > scratch/output.txt
...but don't know how to get the sudo in as well.
I was hoping I could type something like:
sudo su - user1 -c "more .ssh/authorized_keys" > scratch/output.txt
...and then getting really clever do something like:
echo "$pw" | sudo su - user1 -c "more .ssh/authorized_keys" > scratch/output.txt
...to pipe in the password as well.
I've only been using Linux for a few weeks (I'm a VB programmer normally).
Thanks
Kristian
Related
I'm trying to change my user to one that doesn't need password to run ssh instructions and then do exactly that, run an ssh instruction. What I have now is:
sudo su - testUser ssh testUser#server2 'cat /home/randomUser/hola.txt'
But I'm getting the answer:
/usr/bin/ssh: /usr/bin/ssh: cannot execute binary file
if I put the instructions in a different file called testit like this:
ssh testUser#server2
cat /home/randomUser/hola.txt
and I run:
sudo su - testUser < testit
it works!, but I need to use the one line instruction, someone know what should I change to make it work?
sudo su - testUser
why don't you use just sudo -u testUser as it is supposed to be used?
But anyway, manual pages for the tools you are using is a good start. For sudo:
sudo [...] [command]
This looks good and fits into your example.
For su:
su [options] [username]
Ola ... su does not have any argument command, unless you provide also -c switch, which is written also in the manual page. And it is [option], so it should come in front of [username]! Something like this should do the job:
sudo su -l -c "ssh testUser#server2 'cat /home/randomUser/hola.txt'" testUser
but as I already mentioned, it can be significantly simplified by using sudo only:
sudo -i -u testUser "ssh testUser#server2 'cat /home/randomUser/hola.txt'"
I have script.sh that must be run as user2. However, this script can only be run under user1 in my application.
I would like the following command to run:
su user2 -C script.sh
but be able to run without password.
I also want this to be very restrictive, as in user1 can only run script.sh under user2 and nothing else.
I've tried doing this with sudoers file and just got endlessly confused after hours of trying.
If somebody can provide an explicit example of how this can be accomplished (instead of something generic like use sudoers), it would be greatly appreciated.
try running:
su -c "Your command right here" -s /bin/sh username
This will run the command as username given that you have permissions to sudo as that user.
Call visudo and add this:
user1 ALL=(user2) NOPASSWD: /home/user2/bin/test.sh
The command paths must be absolute! Then call sudo -u user2 /home/user2/bin/test.sh from a user1 shell. Done.
`su -c "Your command right here" -s /bin/sh username`
The above command is correct, but on Red Hat if selinux is enforcing it will not allow cron to execute scripts as another user. example;
execl: couldn't exec /bin/sh
execl: Permission denied
I had to install setroubleshoot and setools and run the following to allow it:
yum install setroubleshoot setools
sealert -a /var/log/audit/audit.log
grep crond /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.p
I had been trying to clear cache in a remote server and i got these commands.
First login as root user and execute
sync; echo 3 > /proc/sys/vm/drop_caches
But I had to automate this in a script, so i used this
ssh user#ipaddress "sudo su; sync; echo 3 > /proc/sys/vm/drop_caches";
But I am not able to get the root user privileges by sudo su and I thought removing sudo su and instead use
ssh user#ipaddress "sudo sync;sudo echo 3 > /proc/sys/vm/drop_caches";
But this says it dose'nt have enough permissions.
What am I missing??
When you do this sudo echo 3 > .... only echo will be with "sudo" user permissions, redirection is with current user.
try something like this :
ssh user#ipaddress "sudo sh -c \"sync; echo 3 > /proc/sys/vm/drop_caches\"";
Use tee as an alternate to redirection that works well with sudo:
ssh user#ipaddress 'echo 3 | sudo tee /proc/sys/vm/drop_caches > /dev/null'
The redirection to /dev/null is optional, if you want to avoid "3" being echoed to your terminal as well.
Also If you experience this message
>> sudo: sorry, you must have a tty to run sudo
as I had, you can fix it by editing /etc/sudoers and comment Defaults requiretty -> #Defaults requiretty.
I'm writing a script which automates the install of a mailserver, however some of my code has to be compiled from source because it is not in repositories. I have no problem with this, however, I have no idea what the best and most safe way is from a script that is being run as root. I know I have to make a non-privileged user for building, but which on of the following is the recommended way to do it?
1
su -c "command" - builduser
su -c "othercommand" - builduser
2
sudo -u builduser command
sudo -u builduser othercommand
3
su -c "externalscriptwithcommands.sh" - builduser
Ideally, I would like to continue my script as root after this has executed; I feel like option 3 is probably the most ideal, but I would like your input on this.
I have script.sh that must be run as user2. However, this script can only be run under user1 in my application.
I would like the following command to run:
su user2 -C script.sh
but be able to run without password.
I also want this to be very restrictive, as in user1 can only run script.sh under user2 and nothing else.
I've tried doing this with sudoers file and just got endlessly confused after hours of trying.
If somebody can provide an explicit example of how this can be accomplished (instead of something generic like use sudoers), it would be greatly appreciated.
try running:
su -c "Your command right here" -s /bin/sh username
This will run the command as username given that you have permissions to sudo as that user.
Call visudo and add this:
user1 ALL=(user2) NOPASSWD: /home/user2/bin/test.sh
The command paths must be absolute! Then call sudo -u user2 /home/user2/bin/test.sh from a user1 shell. Done.
`su -c "Your command right here" -s /bin/sh username`
The above command is correct, but on Red Hat if selinux is enforcing it will not allow cron to execute scripts as another user. example;
execl: couldn't exec /bin/sh
execl: Permission denied
I had to install setroubleshoot and setools and run the following to allow it:
yum install setroubleshoot setools
sealert -a /var/log/audit/audit.log
grep crond /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.p