Hi,
We usually switch user using the below command.
sudo su - user1
It then prompts for the password which we feed in.
I wish to pass both the username and the password in one go thus eliminating the prompt for the password.
I am using java standalone to connect to unix using java technology JSCH.
Any workaround will also do.
Can you please help ?
In the sudoers file you have to add the entry as NOPASSWD for for the id .May be ur admin can do it.
Two questions ..
If i can ask the Admin to do so then how will i pass the password? can you share the command format as example?
If my Admin does not implement the above because it goes against company policy, then what is the solution to this problem ?
---------- Post updated at 05:39 AM ---------- Previous update was at 03:44 AM ----------
Can a script help here ?
I can invoke a unix shell script from my java code.
Is it possible to pass the user id and the password to the script which used switch user? If so, please help me code the script.
su, sudo, and other login systems are designed to prevent being scripted.
The response from millan will remove the password prompt, so there is no need to supply it.
It's the best solution if you trust your users not to leave their screen open.
Robin
What is the sudoers file that Millan stated ?
Is it the same for all users ?
I thought I could save the username and password in a file which could be provided to sudo command. Will that work ?
Are we exhausted with no solution apart from Millan's ?
To repeat:
This is a security measure, because stored plaintext passwords are an extremely bad idea.
They insist on talking to a human, and the way to do that is to insist on talking to a terminal. Not pipes, not files, just terminals.
You can fake a terminal with the expect language if you absolutely must, but this is a last resort.
Setting nopasswd in sudoers is a better idea. Even better if you can restrict it to one exact thing.
sudoers is sudo's config file, which you edit with the visudo command.
How is it then, the tools like winscp and others are able to feed in both username and password in one go ?
Also, I remember a project in which we used Autosys Server and Client. We have uploaded several scripts to the unix server and the autosys client would execute each script with different unix userids. So, I know it is possible. Not sure how !!
That's exactly what I am looking for !!
Windows utilities generally are not required to worry about UNIX security management for obvious reasons.
There are UNIX equivalents like sshpass but if you use them, beware -- it's possible that anyone on the system could see the password when you do so. They are not installed by default anyway, since they would be severe security holes. To repeat, these login systems are rigid about passwords for better reasons than ticking you off.
The proper way to do these things is still passwordless operation via sudo or ssh keys. Please at least consider them.
Building your own daemon and utilities mean you get to decide how things work. Using already-existing daemons means you're restricted to how things already work.
I have set passwordless login between two ids on the same unix box.
I see this strange behavior.
For the first time even after exchanging keys it prompted for the password when i tried sudo.
After that i exit and tried to sudo several times and it never asked for the password.
Thinking all is fixed and good, I shutdown my system and tried to sudo after 2 hrs and I see it prompted for the password again.
Why is it prompting for the password upon sudo at random instances especially after a long break?
It remembers passwords for a few minutes after they're entered for convenience, in case you wanted to run a lot of commands in a short time.
It is plainly not working passwordlessly if it prompts you even once.
What exactly did you put in sudoers?
Not the sudoers, but the key exchange.
I generated key pair using keygen command for user id user1 and copied the public key to the .ssh/authorized_keys file of user2 on the same box.
ssh-keygen -b 2048 -t rsa
Shouldn't this work ??
I shall open a new thread for this has gone off subject. Thank you !!