I need to change my id to some sudo account in a server.. Actually our username/passwd will be stored in one gip file like below...
$cat .a.gz #It's hidden file
username
passwd
$
So I tried the below script to pass the password when i sudo to another id.
#!/usr/bin/bash
id=`id | awk '{print $1}' | awk -F"(" '{print $2}' | tr -d ")" ""`
#Here, 'id' will give the user id.
gzcat /home/$id/.a.gz | tail -1 > /home/$id/passwd
chmod 700 /home/$id/passwd
sudo su vobadmin < /home/$id/passwd
When i try this script, i got below error
Invoking "/usr/bin/pbrun su vobadmin" for you
You need to authenticate yourself. Running kinit...
Password for illindva@SWISSBANK.COM:
kinit(v5): Password incorrect while getting initial credentials
You did not kinit successfully.
Can anyone please advice on this issue?
Please let me know if you need any more details on this to resolve.
I do not understand - looks/sounds a bit awkward to me.
If you want to sudo su, why do you need a password then? I mean if you have access to that password stored in a file already, why not allow via sudo your user directly to become the other one without entering that password? Storing passwords in plain files is not secure at all.
If you put into sudoers a line that allows your current user to su to some id it could look like:
..
youruser host = NOPASSWD:/usr/bin/sudo - su vobadmin
..
You then just type
youruser> sudo su - vobadmin
.. and that's it. You also might want to use the dash (-) between su and the username so you have the users environment active.
Actually, the above provided code is part of my script.. I'm trying to connect to a server and there i'm changing my used id to some admin account id using sudo command..
When i try this sudo through command line or through script also, it's returning password prompt to enter my passwd.
so when i am trying to change the admin account id... i used above small code there. It's just to automate the script execution without manual intervention.
And we have our credentials in a zip file.. and it'll be in our home dir with 600 perm. so no one can even read the file. whoever execute the script, it has to take their passwd from their home dir to change the sudo account....
I hope you are bit clear now.. And still I've to try your above command to check whether it's asking the passwd or not.
Can you please provide your valuable inputs and suggestions on this..?
Ok, then I think I understood already.
Try to implement the sudoers entry as given in the example and give feedback please, ty.
If set up correct, you will not be asked for a password when doing the su, even not when automated via script.
I noticed a syntax error in the code I posted, sorry. It should be:
youruser host = NOPASSWD:/usr/bin/sudo su - vobadmin
The dash belongs between the su and the username.
That entry is permanently done using visudo and saved in the file /etc/sudoers.
If you want to disable it after your job is done you can just remark it by adding a # in front of the line and saving it.
Afaik there is no option to let that line perish when it has been used once.
If your user or the user you want to become (vobadmin) is able to use visudo, then it does not make much sense to remark the line, since this user could always enable it again, if permitted. Just a thought.
Anyway this is the link to the official documentation for sudo; maybe there is an option you'd like: Sudoers Manual
I tried to set NOPASSWD for this sudo attempt, but we are unable to do it, because i could not able to see /etc/sudoers file in my box..
And eve it's available also, dont think so that we are allowed to set it as we are not admins of my unix box..
Is there any way to automate the passing passwd through file or variable when script is excuting..? I tried many ways, but no luck.. it's not taking the passwd in correct format..
Please advice me on this...
Thanks in advance..
Regards,
VRN
---------- Post updated at 01:29 AM ---------- Previous update was at 01:00 AM ----------
Hi,
Tried the below code for passing passwd... it went fine in one unix box... but it's not executing from other boxes... am not getting the reason why it's not working from other boxes..
#!/usr/bin/bash
id=`id | awk '{print $1}' | awk -F"(" '{print $2}' | tr -d ")" ""`
#Here, 'id' will give the user id.
pwd=`gzcat /home/$id/.srlpw.gz | tail -1`
echo "\$pwd" > /home/$id/passwd
chmod 700 /home/$id/passwd
sudo su vobadmin < /home/$id/passwd <<eof
echo id has changed successfully
eof
can anyone please let me know the reason for this.. ?
You are still not using a dash (-) between su and the username. Not sure if this is intended.
If you don't have a /etc/sudoers you either have it installed somewhere else or there might be none installed at all. "which sudo" could help.
[quote]
am not getting the reason why it's not working from other boxes..
[/quote]
means you have no clue why it doesn't work or you do not get any error message? If it is the latter post your error message.
sudo is made for such stuff - get the admins to make an appropriate entry for you.
?