How can I run a part of a script as a different user?
Solution 1
I would expect that the script stops at the "su" command because it's prompting for a password and not getting one.
As often, there are multiple solutions for that :)
Instead of "su" use "sudo" which has the -S switch to accept a password from standard input:
echo "password" | sudo -S -u USER1 sh -c "...
Alternatively move that section of your application/script that needs to run as a different user to a helper application. You can then avoid scripting with a stored clear text password (which has some security concerns) by using the set-uid and set-gid on that helper application:
chown USER1.GRP1 helperapp
chmod 6755 helperapp
The risk you run with this is that now anyone on the system can run helperapp as USER1. Instead of using set-uid/gid you can configure sudo to allow a specific user to run the helperapp as USER1 without a password prompt (this requires admin/root privileges):
# /etc/sudoers
# Allow USER2 to run helperapp as USER1 without prompting for a password
USER2 ALL=(USER1) NOPASSWD:/path/to/helperapp
Your code can then look something like this:
#!/bin/ksh
(some code)
Log=~/my.log
chown USER1 filename
sudo -u USER1 /path/to/helperapp | tee -a ${Log} 2>&1;
None of this was tested and use at your own peril...
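A check to run before relying on the sudoers rule from Solution 1, as an added example that is not part of the original answer: it flags the set-uid/set-gid bits and any way the calling user could modify or replace the helper. The function names are assumptions of this example, and it looks at owner and mode bits only (ACLs and directories further up the path are not inspected).

```shell
#!/bin/sh
# Added example (not from the answer): audit a helper before trusting it with a
# sudoers NOPASSWD rule. Helper path and caller (name or uid) are supplied by you.

# owned_or_writable PATH CALLER: true if CALLER owns PATH, or PATH is
# writable by group or others (conservative: group membership is not checked).
owned_or_writable() {
    [ -n "$(find "$1" -prune \( -user "$2" -o -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# audit_helper PATH CALLER: prints findings, returns how many there were.
audit_helper() {
    ah_path=$1 ah_caller=$2 ah_n=0
    case $ah_path in
        /*) ;;
        *) echo "not an absolute path: $ah_path"; ah_n=$((ah_n + 1)) ;;
    esac
    if [ ! -f "$ah_path" ]; then
        echo "not a regular file: $ah_path"
        return $((ah_n + 1))
    fi
    # chmod 6755 sets both bits: every local user then runs it as the owner.
    if [ -u "$ah_path" ] || [ -g "$ah_path" ]; then
        echo "set-uid/set-gid bit set: anyone can run it as the owner, no sudo needed"
        ah_n=$((ah_n + 1))
    fi
    # If the caller can rewrite the helper, the rule lets them run anything.
    if owned_or_writable "$ah_path" "$ah_caller"; then
        echo "caller can modify the helper"; ah_n=$((ah_n + 1))
    fi
    # Same for its directory: the caller could swap in a different file.
    if owned_or_writable "$(dirname -- "$ah_path")" "$ah_caller"; then
        echo "caller can replace the helper via its directory"; ah_n=$((ah_n + 1))
    fi
    return "$ah_n"
}

# Stand-alone use: sh audit.sh /path/to/helperapp USER2
if [ $# -eq 2 ]; then audit_helper "$1" "$2"; fi
```

A return value of 0 means none of these checks fired for that caller.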
Solution 2
Since you are running su -, you are telling su to run a login shell. A login shell ignores its -c argument and reads commands interactively instead. The solution is to not pass -.
If you want to read the target user's startup file, do that explicitly.
su USER1 <<EOF 2>&1 | tee -a -- "$LOG"
date
if [ -e ~/.profile ]; then . ~/.profile; fi
…
EOF
Ezequiel
Updated on September 18, 2022
Comments
-
Ezequiel over 1 year
#!/bin/ksh
(some code)
Log=~/my.log
chown USER1 filename
su - USER1 -c "
date | tee -a ${Log} 2>&1;
cd /blah/blah
if [ SOMECONDITION ]
then
sh ./somescript.ksh > logfile
fi
exit" | tee -a ${Log} 2>&1;
The script tends to stop when it switches to USER1 and then it executes again when we have to exit manually.
-
Stéphane Chazelas over 10 years
-
Gilles 'SO- stop being evil' over 10 years
@StephaneChazelas This is only relevant if the script isn't running as root. Given that the script calls chown, it is highly likely to be running as root.
-
Stéphane Chazelas over 10 years
@Gilles, my answers there are for the case where the script is running as root.
-
-
blahblahblah over 10 years
You can add TCPMUX to the list.
-
Gilles 'SO- stop being evil' over 10 years
This is only relevant if the script isn't running as root. Given that the script calls chown, it is highly likely to be running as root.
-
Ezequiel over 10 years
Yes, it runs as root.