Results 1 to 8 of 8

Thread: Passwordless su in a Bash Script?

  1. #1
    Join Date
    Apr 2012
    Beans
    19

    Passwordless su in a Bash Script?

    Hi everyone,

    I've run into a dilemma while migrating a Hadoop installation from Oracle Enterprise Linux to Ubuntu. The prior developer put the following command into rc.local within OEL:

    su reporter -c "cd /path/to/directorywithscript && bash runwebserver.sh >> /dev/null 2>&1&"

    I need the above webserver to automatically start (and stop) in Ubuntu as the specified reporter user (the automation stuff is *MUCH* less important than getting this script to properly run as the reporter user, but is a "nice to have" feature). This process needs to start last, as I still need to configure a couple of other Hadoop-related scripts to automatically start before this one (the webserver resides in the Hadoop filesystem, which doesn't get mounted until after you're in the OS). Every time I issue the su command I get asked for a password. This occurs regardless of which user is currently "active" and wasn't a problem in OEL since the Root user is actually used. I've tried adding the following to /etc/sudoers for every user on my system (as I'm unsure which user will be active when the script is invoked):

    root ALL=(ALL) ALL
    reporter ALL=/bin/su
    username2 ALL=/bin/su
    username3 ALL=/bin/su

    Please note that my Linux knowledge is still weak (I knew almost no Linux before this project was dropped in my lap). Any help is *greatly* appreciated as this is currently a major stumbling block!! =)

    Thanks,
    -Snipe

  2. #2
    Join Date
    Aug 2009
    Location
    Montevideo, Uruguay
    Beans
    259
    Distro
    Ubuntu

    Re: Passwordless su in a Bash Script?

    Do you get the password prompt even if you are logged in as root? It shouldn't be like that.

  3. #3
    Join Date
    Apr 2012
    Beans
    19

    Re: Passwordless su in a Bash Script?

    Unfortunately, I can't log in as root because the root user's account is disabled by default within Ubuntu (and I'd like to avoid enabling it if possible).

    Thanks,
    -Snipe

    Quote Originally Posted by uylug View Post
    Do you get the password prompt even if you are logged in as root? It shouldn't be like that.

  4. #4
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: Passwordless su in a Bash Script?

    If you've added that line to rc.local then it should work without touching sudoers as everything in rc.local is run by the root user.

    Also the edits you've made to sudoers look to have an incorrect syntax, did you use visudo to edit it?



    If you can't run the script from rc.local and instead have to launch it from a different user (for example rob) then you would need to add:
    Code:
    rob ALL=(ALL)NOPASSWD:/bin/su
    to the bottom of the sudoers file.

    Then rob could do:
    Code:
    sudo su reporter -c "cd /path/to/directorywithscript && bash runwebserver.sh >> /dev/null 2>&1&"
    Without having to enter a password.
    Last edited by Cheesemill; June 19th, 2012 at 11:36 PM.
    Cheesemill

  5. #5
    Join Date
    Apr 2012
    Beans
    19

    Re: Passwordless su in a Bash Script?

    Hi Cheesemill,

    I need to run the webserver as the reporter user (with the reporter user's credentials, intended environment settings, etc.). Correct me if I'm wrong, but prepending sudo before the su command will run the webserver with root's settings. I did indeed use sudo visudo to edit /etc/sudoers.

    Here is my current /etc/sudoers file that isn't working:

    Code:
    # /etc/sudoers
    #
    # This file MUST be edited with the 'visudo' command as root.
    #
    # See the man page for details on how to write a sudoers file.
    #
    
    Defaults        env_reset
    
    # Host alias specification
    
    # User alias specification
    
    # Cmnd alias specification
    
    # User privilege specification
    
    # Allow members of group sudo to execute any command after they have
    # provided their password
    # (Note that later entries override this, so you might need to move
    # it further down)
    %sudo ALL=(ALL) ALL
    #
    #includedir /etc/sudoers.d
    
    # Members of the admin group may gain root privileges
    %admin ALL=(ALL) ALL
    
    # User privilege specification
    root    ALL=(ALL) ALL
    user3 ALL=(ALL)NOPASSWD:/bin/su
    user2 ALL=(ALL)NOPASSWD:/bin/su
    user1 ALL=(ALL)NOPASSWD:/bin/su
    reporter ALL=(ALL)NOPASSWD:/bin/su
    Any ideas? =/

    Quote Originally Posted by Cheesemill View Post
    If you've added that line to rc.local then it should work without touching sudoers as everything in rc.local is run by the root user.

    Also the edits you've made to sudoers look to have an incorrect syntax, did you use visudo to edit it?



    If you can't run the script from rc.local and instead have to launch it from a different user (for example rob) then you would need to add:
    Code:
    rob ALL=(ALL)NOPASSWD:/bin/su
    to the bottom of the sudoers file.

    Then rob could do:
    Code:
    sudo su reporter -c "cd /path/to/directorywithscript && bash runwebserver.sh >> /dev/null 2>&1&"
    Without having to enter a password.
    Last edited by Sniperm4n; June 20th, 2012 at 12:40 AM.

  6. #6
    Join Date
    Jun 2006
    Location
    Brisbane Australia
    Beans
    713

    Re: Passwordless su in a Bash Script?

    As cheesemill said, that original su line you quote in the OP should work the same from rc.local in ubuntu. What is the problem you are seeing?

    If it is just that the script is not inheriting the full "reporter" user environment then just add "-" to the su, i.e:
    Code:
    su - reporter -c "cd /path/to/directorywithscript && bash runwebserver.sh >> /dev/null 2>&1&"

  7. #7
    Join Date
    Apr 2012
    Beans
    19

    Re: Passwordless su in a Bash Script?

    I'll test everything tomorrow and will reply here stat =)

    Thanks,
    -Snipe

  8. #8
    Join Date
    Apr 2012
    Beans
    19

    Re: Passwordless su in a Bash Script?

    Thank you to everyone for your in-depth responses! Unfortunately, the project has been terminated (with the finish line in sight) and I can't test this any further. Yay for corporate B.S.! =/

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •