Running script as one user, callign another as another.

[MCubitt]

I am running a script (from cron) as user Oracle. However, I need it to call another script and run that as a different user. Is this possible, without much fuss?



There's no need for sarcastic replies, we've not all been this sad for that long!

 

[KenCunningham]

su - <user> -c "path to command"

HTH

 

[MCubitt]

Ken,

Thanks for that.. but won't it ask for the password?




There's no need for sarcastic replies, we've not all been this sad for that long!

 

[KenCunningham]

Sorry, didn't spot that you were running it as Oracle. It will ask for a password if you're running it as a 'normal' user (an oxymoron if ever there was one!), but not if the initial script is run from root. Leave it with me (and others) - there may well be an answer if you use something like expect, which I'm afraid I have no experience of. Have you thought of putting both users into the same group (if they're not already) and then giving the group execute permissions for both scripts?

 

[MCubitt]

Ken,

No worries.

The initial script is run as Oracle and needs to call a second script, run as user "tle".

I am not sure what I need to check to see if this would be ok.. ie, if Oracle is "above" tle.




There's no need for sarcastic replies, we've not all been this sad for that long!

 

[KenCunningham]

An ls -la on both files will tell you the permissions and ownership of the scripts in question. Assuming that the group permissions settings (the middle of the three blocks) for the tle script are r-x you could add user Oracle to the group (through smitty) to which the script 'belongs' (as indicated in the listing) and thus Oracle would have executable permissions on the file too, without having to 'be' tle to execute it. If the permissions for the tle file aren't r-x, you can change it to be so using chmod 755 (say) on the file in question. As you're running the script through cron it might also be necessary to make sure that the environment variables (PATH etc) are set appropriately too.

Hope this isn't too confusing.

 

[MCubitt]

I granted all scripts all access (777) so (excuse my ignorance) does that mean who ever runs them can run them? It's more the contents of teh second script that needs "tle" access.

I guess I could just try it and see!

But what I want to do, effectively is:
Oracle script
------
step 1
step 2
step 3
call tlepart1
step4
step5
call tlepart2
step6

tlepart1 script
---
(as tle user)
step 1
step 2

tlepart2 script
---
(as tle user)
step3
step4






There's no need for sarcastic replies, we've not all been this sad for that long!

 

[KenCunningham]

Granting 'world' 777 (rwx) rights to the script should make it executable by anyone, but you may have a problem if the script has to be run by tle and tle alone. As you say, if you're able to give it a go, do so, and post any problems back here. Cheers.

 

[MCubitt]

I had problems but decided to cron a job as tle rather than mess about in areas I don't know and have not got time to visit, sadly.

Thanks anyway


There's no need for sarcastic replies, we've not all been this sad for that long!

 

[RodKnowlton]

sudo (available at

http://www.bullfreeware.com/)

can be configured to allow a user run a particular script as another user without inputting a password.

I believe (check the docs) the sudoers line you'd need would be:

Oracle ALL = (tle) NOPASSWD: /path/to/the/script

Then in your Oracle cron:

sudo -u tle /path/to/the/script


Be sure to only use visudo to edit the sudoers file, as it validates the file before saving. Also read the man pages for visudo, sudoers, and sudo before implementing this. sudo is a great tool, but not one to use without a clear understanding of it's workings.


Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L

 

[KenCunningham]

Rod, thanks for that, I think I was confusing sudo with expect. It's been a lonnnnnnnggggggg week!