PeterPanic Posted August 31, 2008 Report Share Posted August 31, 2008 Hi. I'm just writing a script that adds a new User in Linux, samba, mysql and in a record in a mysql-db. This script obviously has to be run as root. I am aware of the security issues when saving a root password in a bash variable, but I guess typing it over and over again isn't much less secure. And this post isn't about the security aspect, so please try and help me with the real question. In a pure bash environment I can use the following code to look if I'm root, and if not, restart the same script with "su" if [ $UID -ne 0 ]; then echo "Please, type root's password..." su -c "$0 $@" exit fi # rest of program here... This will cause su to ask the user for the password. Now I want to run this in a graphical environment. Of course, I can use "kdesu" instead of "su", but I'm not sure, kdesu is even there. But there is zenity. Now I tried: if [ $UID -ne 0 ]; then rootpw=`zenity --title="Root-Password" --text='Please, type root's password...' --hide-text="" --entry` echo $PASSWD | su -c "$0 $@" exit fi # rest of program here... But su responds with "standard in must be a tty". sudo on the other hand doesn't seem to have the same problem, so e.g. in Ubuntu this works fine, as the user is always a sudoer. But by default sudo isn't installed in Mandriva 2008 and the user is no sudoer, so my script won't work on the servers I maintain without installing and configuring sudo first or installing kdesu... So: Is there any way to execute a bash script as a user, having zenity ask for the root PW and execute something with this PW which is stored in a variable? Thanks a lot. PeterPanic Quote Link to comment Share on other sites More sharing options...
iphitus Posted September 2, 2008 Report Share Posted September 2, 2008 Try using gksu/gksudo or an existing GUI password dialog box (there's a couple more, a gnome one and a kde one at least) that's designed for this. Quote Link to comment Share on other sites More sharing options...
PeterPanic Posted September 2, 2008 Author Report Share Posted September 2, 2008 Try using gksu/gksudo or an existing GUI password dialog box (there's a couple more, a gnome one and a kde one at least) that's designed for this. Yes, but is any of them installed with every Mandriva - no matter what window manager I use? And... doest that mean, there's no way to use su? The other thing is: I'd like to run some commands as root and some as a normal user, so if I could use su I could just issue one command as root and the otherone normally. Perhaps I'll use sudo and configure it from a bash script... :-( Hmmm... Quote Link to comment Share on other sites More sharing options...
adamw Posted September 2, 2008 Report Share Posted September 2, 2008 consolehelper is the system Mandriva tools use for this. You can create a command that, when run as normal user, will automatically prompt for root's password and then run with root privileges. If X is active it will pop up a GUI password prompt, at a console it'll just ask for it at the console. Quote Link to comment Share on other sites More sharing options...
theYinYeti Posted September 3, 2008 Report Share Posted September 3, 2008 Perhaps you could use "expect"… Quote Link to comment Share on other sites More sharing options...
PeterPanic Posted September 3, 2008 Author Report Share Posted September 3, 2008 Ah, thanks a lot, both of you. I'll look that up. Quote Link to comment Share on other sites More sharing options...
Phil Edwards Posted September 12, 2008 Report Share Posted September 12, 2008 Some things that are worth pointing out: There is a user group called 'wheel' that will be present on every Mandriva install. There is also the 'sudo' utility which allows certain commands to be run as root by ordinary users. This is configured by running 'visudo' as root. One approach to your scripting problem would be: 1. Add all of the users that need to be able to use your script into the 'wheel' group 2. Use 'visudo' and uncomment the line which allows members of the 'wheel' group to run any command without having to enter the root password 3. At the start of your script have something like this: CHK=`id|grep wheel` if [ "$CHK" = "" ]; then echo -e "Insufficient privileges to run this script - contact your system administrator" exit 0 fi This allows you to restrict script execution to members of the wheel group. It's not best practice in terms of security to give a bunch of users free rein over your system, which is essentially what I'm suggesting here that you do! :unsure: A better solution would be to have a read through the man pages for the sudo and visudo commands and see if you can work out how to add a group of your own and have the members of that group restricted to running only a limited number of commands, i.e. only the commands that are executred inside your script. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.