Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Running a script as another user (Solaris and Linux)

  • 28-01-2005 12:59PM
    #1
    daymobrew
    Registered Users, Registered Users 2 Posts: 6,704 ✭✭✭


    I have a directory that is writeable by only one user (not root). Let's call the user 'build_tb' (build tarballs).
    The directory will contain source tarballs for use in a build.
    To allow users add tarballs to this directory I was planning to have a script that copied the new tarball to a world writeable temp directory. It would also log the submission and email people.
    Then a cronjob (run in build_td's account) will check for new files in the temp dir and copy them to the protected dir.

    A colleague would like the original script (run by users) to trigger the second script. I prefer the cronjob.

    Is the triggering possible? How would I do it with perl? (I prefer perl over shell scripting, though shell solutions okay).


Comments

  • #2
    Khannie
    Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Have a looksee at sudo. It allows you to control who runs what as a specific user. Could help avoid all that cack.

    sudo -u build_tb cp mytarball.tar /directory/that/is/only/writeable/by/build_tb

    You need to have sudo set up to allow whichever user to issue commands as build_tb. Not sure if you can specify individual commands to be allowed / disallowed or not.

    HTH. If it's not what you're looking for, let me know. Not sure that your scripting suggestion above is possible (though the cronjob is).


  • #3
    niallb
    Registered Users, Registered Users 2, Paid Member Posts: 2,786 ✭✭✭niallb


    Khannie wrote:
    Have a looksee at sudo. ...
    Not sure if you can specify individual commands to be allowed / disallowed or not.

    Yes you can.
    You can also group lists of commands and lists of users, and describe permissions
    in terms of which group of users can perform which groups of commands as which users.

    NiallB


  • #4
    cormy
    Registered Users, Registered Users 2 Posts: 102 ✭✭cormy


    You mention Solaris in your subject line so here's my 2 cents from a Solaris perspective: If you're using Solaris 9 or 10 (or late versions of Solaris 8), it has a feature called RBAC (role-based access control), which provides all the functionality of Sudo (which is also available for Solaris btw). It's a little trickier to configure than sudo admittedly, but it's nice because it's tightly integrated into the OS and seems very flexible.

    <probably-going-further-than-I-need-to>
    Also, your RBAC config can be put into a name service (i.e. NIS or LDAP - if you have such an environment set up), so that the build_tb user could have whatever privileges/rights you want, on all systems (without having to go to each one setting the account up machine by machine).
    </probably-going-further-than-I-need-to>


Advertisement