Run the script as other user

Hello all

There are files on host1 which need to be sftp'd to host2 every day. User 'yyy' has his dsa keys set up on host1 and host2. If user 'yyy' executes the below query without the 'su' part, then all files are transferred.
Now user 'xxx' wants to run the script and transfer the files, but he was not allowed to set up dsa keys on host1 and host2. So user 'xxx' wants to log in to host1 as user 'yyy', make use of the dsa keys of user 'yyy' and execute the script and .

In a Nutshell
After logging into host1 as 'yyy', I wish to 'su' to user 'xxx', make use of his keys and run the script as user 'xxx' so that all the files are sftp'd. But the 'su' part in the below query is not working. I was unable to log in to user 'xxx' after logging into host1 as user 'yyy'. Please help me out on this.

#!bin/ksh
set -x
su - yyy << EOF
password
EOF
dd=`date +%G-%m-%d`
sftp yyy@host2 <<EOF
cd /aaa/bbb/ccc
mput *$dd*
EOF
exit

Do you have sudo on your system? With this you can allow yyy to run particular scripts as user xxx either without a password prompt or with a prompt to type his own (i.e. yyy's own) password. It's quite configurable and logs everything that's done.

I cannot change the sudoers file. Permission is denied.

You can't feed stored plaintext passwords into any sane authentication system; it's designed to only accept them from an interactive interface. Not being able to configure your system limits your options quite sharply.

Is it possible to ssh into that user? Even if it's on the same machine. You don't need administrative privileges to set up passwordless ssh, since it supports noninteractive key-based authentication. All you have to do is create the right files with the right contents in their respective ~/.ssh/ directories and it will go. Password-less logins with OpenSSH

You could copy the private and public keys from the xxx account and use the -i identity_file option of ssh to use them.
Even better, if this test works out OK, update the configuration file and set up the new identity file for host2 only.

e.g. ~yyy/.ssh/config:

Host host2
    HostName host2.your.domain.name
    User xxx
    IdentityFile ~/.ssh/xxx.id_rsa
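
As an added example (not code from any poster in this thread), the key-based approach suggested in the replies above removes the need for su and a password fed through a here-document: the script checks that the private key has no group or other access, builds the sftp batch for today's date, and runs it with prompting disabled. User xxx, host2, the key path and the remote directory follow the thread; the function names and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: sftp with a key, with no su and no stored password.
# Assumed names (not from the thread): KEY, key_is_private, build_batch,
# transfer and the --run switch.
KEY="${KEY:-$HOME/.ssh/xxx.id_rsa}"   # identity file named in the config sample
REMOTE_DIR="/aaa/bbb/ccc"             # remote directory from the original script

# True only for a regular file with no group/other permission bits.
# ssh ignores a private key that other accounts can read.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print the sftp batch for date $1 (YYYY-MM-DD). The date is validated so
# nothing unexpected reaches the batch. No command carries a leading "-",
# so the first failing command aborts the batch with a non-zero status.
build_batch() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "bad date: $1" >&2; return 1 ;;
    esac
    printf 'cd %s\nput *%s*\nbye\n' "$REMOTE_DIR" "$1"
}

# Run from the directory holding the files, as the original script does.
transfer() {
    key_is_private "$KEY" || { echo "key has group/other access: $KEY" >&2; return 1; }
    batch=$(mktemp) || return 1
    # %Y is the calendar year (%G, the ISO week-based year, differs around New Year).
    build_batch "$(date +%Y-%m-%d)" > "$batch" || { rm -f "$batch"; return 1; }
    # BatchMode=yes: fail instead of prompting for a password.
    # IdentitiesOnly=yes: offer only the key given with -i.
    sftp -b "$batch" -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes xxx@host2
    rc=$?
    rm -f "$batch"
    return "$rc"
}

# Transfer only when asked, so the functions can be sourced and checked offline.
if [ "${1:-}" = "--run" ]; then transfer; fi
```

A non-zero exit from the script means either the key check or one of the batch commands failed, which a cron wrapper can alert on.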

Some of the many reasons that the original script fails:

The first line should be "#!/bin/ksh"; there is a "/" missing.
The "su -" command starts a new Shell and nothing after that line will be executed.
AFAIK no version of "su" will accept a password as typeahead (i.e. the <<EOF approach is flawed).

Hint: It is much easier to use Remote Shell (albeit within the local computer) to run commands as another user.
Maybe consider using a ".rhosts" file in account "yyy" and forget using "su -" and use Remote Shell instead.

Hmm. With your limited permissions, user "yyy" would need to create the ".rhosts" file.