Bourne script: Check for root and oracle user

totziens · September 24, 2008, 3:12am

I have 2 separate Bourne shell scripts with 2 questions in Sun O/S & UNIX environment.

Question 1: One of the scripts is supposed to be executed by "root" user only but cannot be executed after user executes "su - oracle". How can I check in the script whether the current user is "root" user? "who am i" does not prevent the user from executing this script after executing "su - oracle".

Question 2: This is opposite of question 1. The other script should be executable only if the "root" user executes "su - oracle". How can I prevent the script from continue execution if the user does not execute "su - oracle"?

otheus · September 24, 2008, 4:09am

Install your scripts in a non-NFS-mounted directory. Set ownership (chown) both scripts to root. Allow only root to execute the first script (chmod og-x). Allow anyone to run the second script (chmod og+rx). Now, in the SECOND script, you can check to see if it's root running, and exit if so:

test `id -u` = 0 && exit 2;

(Using this code only works to prove that you are NOT root. Proving that you are root is better left to the Operating System.) Feel free to engineer your own error message.

totziens · September 24, 2008, 4:32am

Thanks a lot. I think "id -u" works perfectly for me to use in both cases.

totziens · September 24, 2008, 5:14am

Just found out "id -u" does not work in some of the machines. Not really sure why. Could be due to individual machine's configuration issue. Not very safe for me to use.

Found the following command from a colleague with some modification by myself. It seems more reliable for me:

env | grep 'USER='| sed 's/USER=//'

This one can check for both "oracle", "root" or whatever user you want to check.

Thanks to otheus anyway as I have learnt something new.

otheus · September 24, 2008, 5:27am

In that case, hardcode the path:

/usr/bin/id -u

Or always use the GNU version:

/usr/local/bin/id -u # if id is the GNU version installed in /usr/local/bin.

You can get it from coreutils.

Alternatively, you can get it from ps:

$ ps u $$ |awk 'NR == 2 { print $1 }'
10362

It could be you get a name, in which case you then get it from getent:

getent `ps u $$ |awk 'NR == 2 { print $1 }'` passwd

totziens · September 24, 2008, 11:11pm

Thanks, otheus.

I tried the following commands and the results are as follows. It's not really the command "id" cannot be found but it's the "-u" option giving problem (except when I used /usr/local/bin/). It's no longer a problem for me in the script using the method I mentioned in the previous post but I am just curious about "id -u" - my colleague also complains about facing similar problem with "id" command...so he avoids using it in our machines.

Command: id -u
Result:
id: illegal option -- u
Usage: id [-ap] [user]

Command: /usr/bin/id -u
Result:
/usr/bin/id: illegal option -- u
Usage: id [-ap] [user]

Command: /usr/local/bin/id -u
Result:
/usr/local/bin/id: Command not found.

Any idea what could have caused "-u" option not being recognised?

otheus · September 25, 2008, 3:48am

Right, so download and install GNU coreutils. This might mean getting other GNU utils as well, such as make.

totziens · September 25, 2008, 5:30am

I don't have the authority to install anything I like in the server

otheus · September 25, 2008, 6:02am

Does the ps/awk command work? It should be architecturally neutral, in which case you can create a function in your code:

id () {
ps u $$ | awk '{ print $1 }'
}