Passing a password to "su" command over sshexec from ant - linux

Is there any way to pass a password to the linux "su" command? I'm attempting to automate a deployment using sshexec and Ant. As part of that I need to execute the "su" command, but I can find no way to give it a password. The su command does not have the -S switch like sudo. I've tried using the commandResource and input properties on sshexec, but I just get an "su: Sorry" back.
Before anyone thinks I am, I am not storing passwords in files. The script to execute is being generated in memory in Ant based on prompting for a password.

Not an expert at this but you should probably use sudo instead of su. The following thread might help more pass-password-to-su-sudo-ssh

Related

How to pass encrypted password for execution of a script from Command Task to call pmrep

Scenario
I am working on a code to execute pmrep command. I cannot execute this from Unix box as the Code pages are different ( Unix server where I am executing the pmrep command and where the Power centre is installed), and I dont have any other option to exceute it from the Unix Box, because we dont have sudo login and we are connecting from citrix and Informatica is not installed locally.
So we have come up with an option of putting the pmrep commands in .sh script and passing username, password,environment and path variables from an env file. Then executing the above script from a command task in a workflow.
I am able to execute all the pmrep commands (connect, deploy DG etc) using the above process.
Now comes the problem.
I am saving my username and password in the .env file. I would like to remove this.
For pmrep connect command,
I am passing -x $password, I would like to pass the Encrypted password in place of original password.
I have used pmpasswd utility to get encrypted password and stored it in a variable (encrypted_password)
used that variable in place of orginal. -x $encrytped_password
used that variable with -X $encrypted_password.
where -x is used with general password and -X is used with Environmental Password
Both the methods were unsuccessful. with the first one its saying invalid password and with the second one its saying
"The environment variable xteyeZk9BYn91bb4Om7xKg== is undefined."
Please help me with the solution on this. Any help is really appreciated. Please let me know if you need more inputs.
Informatica(r) PMREP, version [9.1.0 HotFix6], build [496.0111], LINUX 64-bit
Rakesh
It should be -X encrypted_password without the $.

Running background command with fabric (sudo: sorry, you must have a tty to run sudo)

I am running a script in background using fabric. To do that I am using below mentioned function.
def init_db(var):
with cd("%s/scripts" % var):
sudo (" nohup ./init_database.sh &> initdatabase.out &", pty=False)
I have to use pty=False to do it in backgound but this fails as in sudoers file "Defaults requiretty" option is mentioned which does not allow me to run sudo from fabric without pty.
I cannot edit the sudoers file all the time for every server, can anyone please give me some other solution.
Thanks,
Imran Teli
Warning: This is not safe! Do not use this!
Fabric supports giving the sudo password in the shell command:
fab --password=password [...]
However, this means the password may be stored in the shell history, log files and other random places where they could be easily retrieved by anyone having any sort of access to the box.
The safe way to do this is, as you mentioned, setting up sudoers to allow exactly the things you expect the script to do, and nothing else, without a password.

Replicating SCP command in Shell script in linux?

Hi I have been given a task of copying files from a given server to local machine. Even I can do it manually using the command line but I need to write a script to automate it. I dont have any clue how to do it using shell, how to give the password which we would have done manually. I went through other posts but did not get the precise answer.
Are there better ways than using SCP command?
Thanks in advance
The preferred + more secure way to do this is to set up ssh key pairs
That being said, if there's a specific need to supply passwords as part of your shell script, you can use pscp, which is part of putty-tools:
If you are on ubuntu, you can install it by:
sudo apt-get install putty-tools
(Or use equivalent package managers depending on your system)
Here's an example script of how to use pscp:
#!/bin/bash
password=hello_world
login=root
IP=127.0.0.1
src_dir=/var/log
src_file_name=abc.txt
dest_folder=/home/username/temp/
pscp -scp -pw $password $login#$IP:$src_dir/$src_file_name $dest_folder
This copies /var/log/abc.txt from the specified remote server to your local /home/username/temp/

Linux bash shell script with password hide for truecrypt

I try to create my own linux bash script that calls truecrypt for mounting. As option a need to set the password for the truecrypt file. I can do this inside the bash script but if someone open it, they can see the password. The script will later run automatically.
My question: Is there some safe way to hide/encrypt the password?
Example:
truecrypt --mount --password="testing" /home/username/test.tc /home/username/mount/
Thanks for any help!
Use SHC. It encrypts shell scripts using RC4 and makes an executable binary out of the shell script which you can run.
Download SHC(http://www.datsi.fi.upm.es/~frosal/) and install it.
Create a shell script with in "truecrypt --mount --password="testing" /home/username/test.tc /home/username/mount/" andsave it as "yourfilename.sh".
Now, run the command :
shc -f yourfilename.sh
The switch "-f" specifies the source script to encrypt. The above command will create two files: yourfilename.sh.x.c and yourfilename.sh.x.
The program "shc" creates C source code out of your shell script then encrypts it (yourfilename.sh.x.c). The encrypted shell script is: yourfilename.sh.x. Run that binary and it executes your commands:
./script.sh.x
There is no safe way to store the password without someone being able to read it. The only options you have are to use user rights to limit who can see it. You can make the script readable only to the user who's password is in it as one options. Another is to have the script read the password from a file which has a similar permission set (this just gives you more flexibility with updating the script and such).
Ultimately though any admin/superuser can read the file anyways so this isn't something you can do safely. The thing most people suggest is to have the script run automatically and present a GUI for the user to input their password. These vary based on your distribution but they are usually there.

How do I redirect string input into sudo?

I'm writing a bash script that requires root access and so what I need to do is write something like
$my_psswd >> sudo some_command parameter1 parameter2
to automate the process. I'm not concerned if this opens up security holes. This is more or less of an example that I can think of. But the problem is that when I initiate sudo anything, it asks for user input which I'm not sure how automate or provide as a variable.
I've tried things like
$my_psswd >1 sudo something
echo $my_psswd | sudo something
but none of this is what I want. Also this has to be a bash script, I can't use a program like expect. Thanks.
You need -S switch for sudo command:
-S The -S (stdin) option causes sudo to read the password from the standard input instead of the terminal device. The password must be followed by a newline character
I recommend against doing this at all. You will be storing your password in plain text which means other people may have access to it. Or it will be visible in process listings, again available to other users.
There are a couple of alternatives to prevent this:
Run the entire script using sudo. Do not use sudo in the script itself but run the entire things with elevated privileges. The downside is off course that your might be executing things with elevated privileges that do not require it but with no more background that's impossible to say.
Better would be to configure your account to execute those specific commands through sudo without providing a password. That way you can execute only the commands that need it with elevated prvileges without the problem of providing a password.
A workaround could be to run sudo -l before calling the script. That way sudo will have an active session and won't prompt for a password. This is only a workaround and would fail if one of the commands takes longer to execute than the configured grace time for sudo. But in small scripts this might be an easy fix.
Try echo $PW | sudo -S cmd
It may work for you.
you are not suppose to use sudo this way, use visudo to specify what commands are allowed to what users, then you don't need to worry about passwords.

Resources