orr@neptune.UUCP (Rick Orr) (03/15/90)
Question: Is there a way to use the "su" command in a script and have the script supply the password, without it having to be typed. I have tried several ways without any success. I've tried:

---------------------------------------------------------------------
#! /bin/csh -f
su xyz
password
.
.
.
end
----------------------------------------------------------------------
file:
su xyz
password

$ csh < file
----------------------------------------------------------------------

Thanks in advance.
--
Rick Orr
ka@cs.washington.edu (Kenneth Almquist) (03/22/90)
orr@neptune.UUCP (Rick Orr) asks:
> Is there a way to use the "su" command in a script and have the
> script supply the password, without it having to be typed.
> I have tried several ways without any success.

Su reads the password from /dev/tty. So the only way to get it to read from something other than the terminal is to run it on a pseudo-tty, if your version of UNIX has those.

For security reasons, you don't want to have the superuser password sitting in a file in your system anyway. Consider writing a C program to do what you want:

    #include <stdio.h>
    #include <stdlib.h>     /* exit */
    #include <unistd.h>     /* getuid, setuid, execvp */

    #define ROOTID 0        /* uid of superuser */
    #define MYUID 746       /* my uid */

    int main(int argc, char **argv)
    {
        char **arglist;
        static char *shell_args[] = {"/bin/sh", NULL};

        /* perform security checks */
        if (getuid() != MYUID) {
            fprintf(stderr, "Permission denied.\n");
            exit(2);
        }

        /* now run the program as root */
        arglist = argc > 1 ? argv + 1 : shell_args;
        if (setuid(ROOTID) != 0) {  /* do not exec if we could not become root */
            perror("setuid");
            exit(2);
        }
        execvp(arglist[0], arglist);
        /* only reached if execvp failed */
        fprintf(stderr, "%s: not found\n", arglist[0]);
        exit(2);
    }

Now make this program setuid to root, and you have a variant of "su" which doesn't require a password. But only the user with uid 746 can run it. You can replace this check with something appropriate for your particular application.

Kenneth Almquist
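
An added example, not part of the original thread and not Kenneth Almquist's code: a variant of the wrapper above that runs only commands from a fixed allowlist of absolute paths instead of searching PATH, passes a fixed environment, and checks the setuid() result. The uid 746 comes from the post; the allowlist entries and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define ALLOWED_UID 746   /* uid from the post; adjust for your site */

/* Hypothetical allowlist: short name -> absolute path. No PATH search. */
static const char *const allowed[][2] = {
    {"sh", "/bin/sh"},
    {"id", "/usr/bin/id"},
};

/* Fixed environment for the child; nothing from the caller is inherited. */
static char *const clean_env[] = {"PATH=/bin:/usr/bin", NULL};

/* Only the real uid counts; the effective uid is already root here. */
int caller_permitted(uid_t real_uid) { return real_uid == (uid_t)ALLOWED_UID; }

/* Map a requested name to its fixed absolute path, or NULL if not allowed. */
const char *resolve_command(const char *name)
{
    size_t i;
    if (name == NULL || strchr(name, '/') != NULL)
        return NULL;                 /* reject any caller-supplied path */
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(name, allowed[i][0]) == 0)
            return allowed[i][1];
    return NULL;
}

int main(int argc, char **argv)
{
    const char *path = resolve_command(argc > 1 ? argv[1] : "sh");

    if (!caller_permitted(getuid()) || path == NULL) {
        fprintf(stderr, "Permission denied.\n");
        return 2;
    }
    if (setuid(0) != 0) {            /* refuse to continue without root */
        perror("setuid");
        return 2;
    }
    if (argc > 1)
        execve(path, argv + 1, clean_env);
    else
        execle(path, "sh", (char *)NULL, clean_env);
    perror(path);                    /* only reached if exec failed */
    return 2;
}
```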
jpr@dasys1.uucp (Jean-Pierre Radley) (03/26/90)
In article <1990Mar14.202740.5044@neptune.UUCP> orr@neptune.UUCP (Rick Orr) writes:
> Is there a way to use the "su" command in a script and have the
> script supply the password, without it having to be typed.
> I have tried several ways without any success.

I believe the password routine in 'su' and elsewhere wants to read /dev/tty. IOW, it insists on being interactive, for what would appear to be security reasons.

Hence 'su' won't take the password from its standard input. Ergo, it won't take it from a script.
--
Jean-Pierre Radley  jpr@jpradley.uucp
New York, NY  72160.1341@compuserve.com