su without password 3

[Moose467]

hi to all,
I have a quick and easy question, which I hope someone can help with.
I would like to write a script for a user (not root) to run a command as another user. I would like this command automated, so would like to avoid the need to enter the executing users password. Is this possible with su?
if not could somebody point me in the right direction.

Many thanks

Phil

 

[sushveer]

Hi Moose467

I WOULD LIKE to sugest 2 alternatives as:

Method 1)

If u want to avoid using password of other user and accessing his machine...the remote node user should have trust relation with you userid...
He can edit his $HOME/.rhosts file
as

<hostname> <user id>

so that u can access his node and files without password...

Also u can develop your script and automate with this concept...

Method 2)
If u have root user or user belong to system group

u can code in your script as:
su <username>

without prompting for password u can use other user account
..
U WILL get access on any node with any account...

If u are a normal user ...this will not work...Then use method 1)and develop script accordingly....

If I get any other ideas/solutions for your problem...I will reply to u instantly...


sushveer
IBM certified specialist-p-series AIX5L System Administration
AIX/SOLARIS/WEBSPHERE-MQ/TIVOLI Administrator

 

[dsn1]

If you write a small C program to run the script and set the setuid bit on the executable, this can then run as root and so issue the su without requiring a password

Dave

 

[kkvinjam]

Hey,
Its not possible to do SU to the other user without password. It also looks like breaking the security. However your requirement can be addressed by using setuid. If you use this in the executable file, if some other user excuteds this he will get previllages of the owner while execution. Hope it helps you.
Regards,
Kishore.

 

[needcoffee]

Phil,

Have you considered Sudo? Information and uncompiled versions can be found at

http://www.courtesan.com/sudo/

and compiled versions are available at

http://www.bullfreeware.com.

Sudo is a utility that allows defined users to run specified commands as another user without disclosing passwords. It is fairly easy to install and administrate. In my opinion it is more secure than the C program route.

Many people on this forum and other unix flavors use and suggest it.

needcoffee

 

[Moose467]

Thanks to all of you.
I will look into the setuid and sudo route.

Have a good day

Phil

 

[dsn1]

Do note that you cannot use setuid on a script ( as mentioned in your original query ) , you will need to write a program in a language that can be compiled ( e.g. C ) and set the suid bit on that

The sudo route can be easier if you wish to do a lot of these but I would not agree that it is any more secure than the C program route. Both are only as secure as Unix file permission settings

Dave

 

[mrn]

What I tend to do is create a menu and use trap to stop Ctrl-d / Ctrl-c then create a user and change the uid & gid in /etc/password to equal 0.

Menu

1. do command
2. do another command

99. exit


put exit on the last line of the users .profile and on 99 it will close the telnet connection. If you need any help in creating the menu script just ask

Regards

--
| Mike Nixon
| Unix Admin
|
----------------------------