On 2006-08-26, Angel Tsankov wrote:
> Hello!
>
> A lot of small pieces of a long bash script need to be executed as different
> users. How can I most easily accomplish this task?

First read the man pages of sudo(8) and sudoers(5). Check especially
the "-u" and "NOPASSWD" sections (respectively). Then 'fix' the
/etc/sudoers file using "visudo". Finally 'fix' your script!

Apostolos

--
Replace earth.space with gmail.com for a valid e-mail

"Angel Tsankov" writes:

>Hello!

>A lot of small pieces of a long bash script need to be executed as different users. How can I most easily accomplish this task?

Have root run the script and use
su username -c commandname
man su
That is the ONLY way.

Note that you cannot use suid on the script.

In comp.os.linux.misc Unruh :
> "Angel Tsankov" writes:

>> A lot of small pieces of a long bash script need to be
>> executed as different users. How can I most easily accomplish
>> this task?

> Have root run the script and use
> su username -c commandname
> man su
> That is the ONLY way.

Not really, at least three other possibilities come to my mind.

- Using 'sudo' ; NOPASSWD for the script.

- Using ssh: 'ssh otheruser@localhost "script"; with keys setup.

- Writing a short C wrapper that calls the script and is set
SUID.

The last should be avoided. The first needs root permissions to
setup sudo. Using ssh doesn't need root permissions at all,
presuming access to "otheruser" account is available.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 412: Radial Telemetry Infiltration

On Sat, 26 Aug 2006, in the Usenet newsgroup comp.os.linux.misc, in article
<44f011df$0$75034$14726298@news.sunsite.dk>, Angel Tsankov wrote:

[Note: comp.os.linux.help and comp.os.linux.questions are bogus groups,
only carried on mis-configured news servers. 'comp.os.linux.help' was
renamed 'comp.os.linux.misc' in 1994.]

>A lot of small pieces of a long bash script need to be executed as
>different users. How can I most easily accomplish this task?

I assume you have looked at _group_ permissions and decided that running
the script as a group member isn't going to do the job.

[compton ~]$ whatis su
su (1) - run a shell with substitute user and group IDs
[compton ~]$

specifically, the 'su -c' option. To "run as" other users, _without_
supplying a password, this script would have to be run by root. Otherwise
the individual passwords need to be included on the 'su' invocations,
which is a large security problem.

Old guy

> Hello!
>
> A lot of small pieces of a long bash script need to be executed as different users. How can I most easily accomplish this task?

OK, my question was whether I can 'su' in a bash script so that the commands that follow the 'su' in che script will be executed as
the su'ed user.

"Angel Tsankov" wrote:
>
>OK, my question was whether I can 'su' in a bash script so that
>the commands that follow the 'su' in che script will be executed
>as the su'ed user.

My question is why you don't read the man page and then try it.

--
Floyd L. Davidson
Ukpeagvik (Barrow, Alaska) floyd@apaflo.com