Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Running a script as another user (Solaris and Linux)

  • 28-01-2005 12:59pm
    #1
    Registered Users, Registered Users 2 Posts: 6,571 ✭✭✭


    I have a directory that is writeable by only one user (not root). Let's call the user 'build_tb' (build tarballs).
    The directory will contain source tarballs for use in a build.
    To allow users add tarballs to this directory I was planning to have a script that copied the new tarball to a world writeable temp directory. It would also log the submission and email people.
    Then a cronjob (run in build_td's account) will check for new files in the temp dir and copy them to the protected dir.

    A colleague would like the original script (run by users) to trigger the second script. I prefer the cronjob.

    Is the triggering possible? How would I do it with perl? (I prefer perl over shell scripting, though shell solutions okay).


Comments

  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Have a looksee at sudo. It allows you to control who runs what as a specific user. Could help avoid all that cack.

    sudo -u build_tb cp mytarball.tar /directory/that/is/only/writeable/by/build_tb

    You need to have sudo set up to allow whichever user to issue commands as build_tb. Not sure if you can specify individual commands to be allowed / disallowed or not.

    HTH. If it's not what you're looking for, let me know. Not sure that your scripting suggestion above is possible (though the cronjob is).


  • Registered Users, Registered Users 2 Posts: 2,755 ✭✭✭niallb


    Khannie wrote:
    Have a looksee at sudo. ...
    Not sure if you can specify individual commands to be allowed / disallowed or not.

    Yes you can.
    You can also group lists of commands and lists of users, and describe permissions
    in terms of which group of users can perform which groups of commands as which users.

    NiallB


  • Registered Users, Registered Users 2 Posts: 102 ✭✭cormy


    You mention Solaris in your subject line so here's my 2 cents from a Solaris perspective: If you're using Solaris 9 or 10 (or late versions of Solaris 8), it has a feature called RBAC (role-based access control), which provides all the functionality of Sudo (which is also available for Solaris btw). It's a little trickier to configure than sudo admittedly, but it's nice because it's tightly integrated into the OS and seems very flexible.

    <probably-going-further-than-I-need-to>
    Also, your RBAC config can be put into a name service (i.e. NIS or LDAP - if you have such an environment set up), so that the build_tb user could have whatever privileges/rights you want, on all systems (without having to go to each one setting the account up machine by machine).
    </probably-going-further-than-I-need-to>


Advertisement