On Thu, Oct 23, 2014 at 05:01:34PM -0400, Mark Creamer via smartos-discuss
wrote:
...
> Now he wants to add a step whereby within the script, it will su to
> another user (service account) and run a different command, but of
> course it prompts for that user's password.
> How can I allow "su - otheruser" without a password prompt, similar to
> how root can always su to another account?
For such simple cases we use a setup like this:
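#!/bin/ksh93
# ZPATH is assumed to hold the zone's path and to be set by the caller.
ACCOUNT='blafahsel'
SCRIPT="/local/usr/bin/pf-${ACCOUNT}"
# Wrapper the profile runs with the service account's uid/gid:
# it fixes up the environment, then starts a shell as that account.
print '#!/usr/bin/tcsh
setenv USER `id -un`
setenv GROUP `id -gn`
setenv LOGNAME $USER
exec /usr/bin/tcsh' >${ZPATH}/root/${SCRIPT}
chmod 0755 ${ZPATH}/root/${SCRIPT}
# exec_attr entry for the "${ACCOUNT} Hopper" profile; printf fills in
# the %s placeholders with the account's numeric uid and gid.
printf "${ACCOUNT} Hopper:suser:cmd:::${SCRIPT}:uid=%s;gid=%s\n" \
${ id -u ${ACCOUNT}; } ${ id -g ${ACCOUNT}; } \
>${ZPATH}/root/etc/security/exec_attr.d/${ACCOUNT}-shell
# EOS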
And finally do something like usermod -P+"${ACCOUNT} Hopper" $user
on demand.
Have fun,
jel.
--
Otto-von-Guericke University http://www.cs.uni-magdeburg.de/
Department of Computer Science Geb. 29 R 027, Universitaetsplatz 2
39106 Magdeburg, Germany Tel: +49 391 67 52768
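
An added example, not part of the original message: a small auditor for entries in the exec_attr format that the script above writes (name:policy:type:res1:res2:id:attr), showing which uid/gid each profile's command runs with. The function names, the "Demo" profiles and all numeric ids are constructed for illustration.

```shell
#!/bin/sh
# Added example: list what identity each exec_attr "cmd" entry grants.

# Constructed sample entries (ids and the Demo profiles are made up).
sample_entries() {
    cat <<'EOF'
# comment lines and blank lines are skipped

blafahsel Hopper:suser:cmd:::/local/usr/bin/pf-blafahsel:uid=1234;gid=100
Demo Root Tool:suser:cmd:::/usr/sbin/demo-tool:euid=0
Demo Wildcard:suser:cmd:::*:uid=1234
broken:line
EOF
}

# audit_exec_attr: read entries on stdin, print one line per cmd entry:
#   STATUS profile|command|uid|gid
# STATUS is WARN when the entry matches every command ("*") or runs with
# real or effective uid 0, OK otherwise; lines without 7 fields are BAD.
audit_exec_attr() {
    awk -F: '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    NF != 7       { print "BAD " $0; next }
    $3 != "cmd"   { next }
    {
        uid = "-"; gid = "-"; root = 0
        n = split($7, kv, ";")              # attr is a k=v;k=v list
        for (i = 1; i <= n; i++) {
            split(kv[i], p, "=")
            if (p[1] == "uid") uid = p[2]
            if (p[1] == "gid") gid = p[2]
            if ((p[1] == "uid" || p[1] == "euid") &&
                (p[2] == "0" || p[2] == "root")) root = 1
        }
        status = ($6 == "*" || root) ? "WARN" : "OK"
        print status " " $1 "|" $6 "|" uid "|" gid
    }'
}

sample_entries | audit_exec_attr
```

On a real system the input would be the files under etc/security/exec_attr.d, for example `cat exec_attr.d/* | audit_exec_attr`.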