PeterPanic

Root-PW from a variable


Hi.

 

I'm just writing a script that adds a new User in Linux, samba, mysql and in a record in a mysql-db. This script obviously has to be run as root. I am aware of the security issues when saving a root password in a bash variable, but I guess typing it over and over again isn't much less secure. And this post isn't about the security aspect, so please try and help me with the real question.

 

In a pure bash environment I can use the following code to check if I'm root, and if not, restart the same script with "su":

 

if [ "$UID" -ne 0 ]; then
 echo "Please, type root's password..."
 # "$0 $*" joins the script path and its arguments into the single string su -c expects
 su -c "$0 $*"
 exit
fi
# rest of program here...

 

This will cause su to ask the user for the password.

 

Now I want to run this in a graphical environment. Of course, I can use "kdesu" instead of "su", but I'm not sure kdesu is even there. But there is zenity. Now I tried:

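if [ "$UID" -ne 0 ]; then
 # double quotes, so the apostrophe in "root's" does not end the string
 rootpw=$(zenity --title="Root-Password" --text="Please, type root's password..." --hide-text --entry)
 # the password is piped to su on stdin; su rejects this (see the error below)
 echo "$rootpw" | su -c "$0 $*"
 exit
fi
# rest of program here...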

 

But su responds with "standard in must be a tty".

 

sudo on the other hand doesn't seem to have the same problem, so e.g. in Ubuntu this works fine, as the user is always a sudoer. But by default sudo isn't installed in Mandriva 2008 and the user is no sudoer, so my script won't work on the servers I maintain without installing and configuring sudo first or installing kdesu...

 

So: Is there any way to execute a bash script as a user, having zenity ask for the root PW and execute something with this PW which is stored in a variable?

 

Thanks a lot.

 

PeterPanic

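An added example, not part of the original post: the `su -c` line in the script above hands root's shell one string, which that shell parses again, so an argument containing a space, a quote or a shell metacharacter changes what runs as root. The sketch below quotes each word first. The function names and the sample path are hypothetical, and it assumes root's login shell is sh-compatible.

```shell
#!/bin/sh
# Added example: build the string for `su -c` so that root's shell sees
# exactly the words the user passed, no more and no fewer.

# Quote one word for sh: wrap it in single quotes and rewrite each ' as '\''.
# Limitation: trailing newlines in a word are dropped by $(...).
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Join the script path ($1) and all following arguments into one command
# line in which every word is individually quoted.
build_root_cmd() {
    cmd=$(sh_quote "$1"); shift
    for arg in "$@"; do
        cmd="$cmd $(sh_quote "$arg")"
    done
    printf '%s' "$cmd"
}

# Re-parse a command string the way `sh -c` would and report the word count.
count_words() {
    sh -c "set -- $1; echo \$#"
}

demo() {
    # Constructed sample input: a script path plus two arguments,
    # the first of which contains a space.
    set -- /usr/local/bin/newuser.sh "Peter Panic" staff
    naive="$*"                      # plain joining, as in "$0 $*"
    safe=$(build_root_cmd "$@")
    echo "naive: $(count_words "$naive") words: $naive"
    echo "safe:  $(count_words "$safe") words: $safe"
}
demo

# In the real script the re-exec line would become:
#   su -c "$(build_root_cmd "$0" "$@")"
```

The naive string is re-split into four words instead of three; the quoted one keeps "Peter Panic" as a single argument.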

Try using gksu/gksudo or an existing GUI password dialog box (there's a couple more, a gnome one and a kde one at least) that's designed for this.

> Try using gksu/gksudo or an existing GUI password dialog box (there's a couple more, a gnome one and a kde one at least) that's designed for this.

Yes, but is any of them installed with every Mandriva - no matter what window manager I use?

 

And... does that mean there's no way to use su? The other thing is: I'd like to run some commands as root and some as a normal user, so if I could use su I could just issue one command as root and the other one normally. Perhaps I'll use sudo and configure it from a bash script... :-( Hmmm...


consolehelper is the system Mandriva tools use for this. You can create a command that, when run as normal user, will automatically prompt for root's password and then run with root privileges. If X is active it will pop up a GUI password prompt, at a console it'll just ask for it at the console.


Some things that are worth pointing out:

 

There is a user group called 'wheel' that will be present on every Mandriva install. There is also the 'sudo' utility which allows certain commands to be run as root by ordinary users. This is configured by running 'visudo' as root. One approach to your scripting problem would be:

 

1. Add all of the users that need to be able to use your script into the 'wheel' group

 

2. Use 'visudo' and uncomment the line which allows members of the 'wheel' group to run any command without having to enter the root password

 

3. At the start of your script have something like this:

 

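# exact match on the group name, so a group such as "wheelers" does not pass
if ! id -Gn | tr ' ' '\n' | grep -qx wheel; then
 echo "Insufficient privileges to run this script - contact your system administrator" >&2
 # non-zero exit status so callers can tell the check failed
 exit 1
fi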

 

This allows you to restrict script execution to members of the wheel group.

 

It's not best practice in terms of security to give a bunch of users free rein over your system, which is essentially what I'm suggesting here that you do! :unsure:

 

A better solution would be to have a read through the man pages for the sudo and visudo commands and see if you can work out how to add a group of your own and have the members of that group restricted to running only a limited number of commands, i.e. only the commands that are executed inside your script.

