Bug 467

Summary: Sudo not working in shell script
Product: Sudo Reporter: Abdul <abdul.musthafa>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: high    
Priority: high    
Version: 1.6.9   
Hardware: Sun   
OS: Other   

Description Abdul 2011-02-14 23:34:44 MST 
Hi, I'm a beginner in shell scripting. I have a requirement, where i need to run few commands from another user.

Say for example, from user1 i need to run few commands as user2. Admin has configured the sudoers list etc. Now i can do sudo from user1 command prompt, without entering password. But when i execute the same set of command within a script, it prompts for password. I need to fix this issue ASAP. please advice.
this is how i do;

user1$> sudo su - usr2
usr2$> echo $home
usr2$> ksh backup.ksh
usr2$> echo "Done"
usr2$> exit
user1> echo "Back to home"

This works. But if i put all above commands(6 lines) into one script called invk.ksh and call like below;

user1$> ksh invk.ksh

Then it prompts for password again. I need to skip the password prompt within the script. because this script will be invoked from a scheduler.
Comment 1 Todd C. Miller 2011-02-15 08:32:20 MST 
You haven't provided enough details for me to really help you. The output of the following commands would be helpful:

user1$> sudo -V
user1$> sudo -l

Also, tat script is not going to do what you want if you just put those six lines verbatim since the commands will run after the "sudo su - usr2" is finished.  You would need to either pass the commands in a here document or run them via the shell's -c option.

In more recent versions of sudo (sudo 1.7.x) you would be better off just running "sudo -u usr2 -i backup.ksh".
Comment 2 Abdul 2011-02-15 10:54:56 MST 
Thanks for your quick response.

Operating system:- 

user1$> uname -a
SunOS xyz-abc-hij 5.9 Generic_122300-54 sun4u sparc SUNW,Sun-Fire-V490

user1$> sudo -V
Sudo version 1.6.9p17

The requirement is; we have a ETL tool called informatica. from informatica we need to run a shell script. That means the informatica installed on unix server and the informatica user will call the shell script. The shell script supposed to decrypt some files and process it. But informatica user(say user1) doesn't have access to decrypting utility/command, in other way user1 cannot decrypt the file. But only the usr2 can decrypt the file. So we have added user1 into the sudoers list in usr2, without password. Now i can run 

user1$> sudo su - usr2 

from user1 and then couple of decrypting and processing command from usr2 prompt as;

usr2$> pgp -p xyz.gz.gpg
usr2$> gunzip xyz.gz

At this time it won't prompt any password. I tried to put the same commands in the script as; 
 
#!/usr/bin/ksh
sudo su - usr2 
pgp -p xyz.gz.gpg
gunzip xyz.gz

Then invoked from informatica/user1. But this prompts the password again running forever. Even if you manually run the script as;

user1$> ksh backup.ksh

It prompt for the password. When you supply the password, then it works as designed. But the tool cannot supply the password.

Hope you got a clear picture.

Appreciate your quick response.
Comment 3 Todd C. Miller 2011-02-15 11:08:40 MST 
This script will not do what you want:

#!/usr/bin/ksh
sudo su - usr2 
pgp -p xyz.gz.gpg
gunzip xyz.gz

But this should:

#!/usr/bin/ksh
sudo su - usr2 <<EOF
pgp -p xyz.gz.gpg
gunzip xyz.gz
EOF

The output of "sudo -l" run by usr1 will list the exact command usr1 is allowed to run which may help debug your password problem.
Comment 4 Abdul 2011-02-15 11:39:25 MST 
This works Well. Thank you so much. Since we had set up password less sudo, it wont prompt the password. Now everything is perfect. I have become your fan. Thanks.


(In reply to comment #3)
> This script will not do what you want:
> 
> #!/usr/bin/ksh
> sudo su - usr2 
> pgp -p xyz.gz.gpg
> gunzip xyz.gz
> 
> But this should:
> 
> #!/usr/bin/ksh
> sudo su - usr2 <<EOF
> pgp -p xyz.gz.gpg
> gunzip xyz.gz
> EOF
> 
> The output of "sudo -l" run by usr1 will list the exact command usr1 is
> allowed to run which may help debug your password problem.