Bugzilla – Bug 467
Sudo not working in shell script
Last modified: 2011-02-15 11:39:25 MST
Hi, I'm a beginner in shell scripting. I have a requirement where I need to run a few commands from another user. Say, for example, from user1 I need to run a few commands as user2. The admin has configured the sudoers list etc. Now I can do sudo from the user1 command prompt without entering a password. But when I execute the same set of commands within a script, it prompts for a password. I need to fix this issue ASAP. Please advise. This is how I do it:
    user1$> sudo su - usr2
    usr2$> echo $home
    usr2$> ksh backup.ksh
    usr2$> echo "Done"
    usr2$> exit
    user1> echo "Back to home"
This works. But if I put all the above commands (6 lines) into one script called invk.ksh and call it like below:
    user1$> ksh invk.ksh
then it prompts for a password again. I need to skip the password prompt within the script, because this script will be invoked from a scheduler.
You haven't provided enough details for me to really help you. The output of the following commands would be helpful:
    user1$> sudo -V
    user1$> sudo -l
Also, that script is not going to do what you want if you just put those six lines verbatim, since the commands will run after the "sudo su - usr2" is finished. You would need to either pass the commands in a here document or run them via the shell's -c option. In more recent versions of sudo (sudo 1.7.x) you would be better off just running "sudo -u usr2 -i backup.ksh".
Thanks for your quick response. Operating system:
    user1$> uname -a
    SunOS xyz-abc-hij 5.9 Generic_122300-54 sun4u sparc SUNW,Sun-Fire-V490
    user1$> sudo -V
    Sudo version 1.6.9p17
The requirement is: we have an ETL tool called Informatica. From Informatica we need to run a shell script. That means Informatica is installed on the Unix server and the Informatica user will call the shell script. The shell script is supposed to decrypt some files and process them. But the Informatica user (say user1) doesn't have access to the decrypting utility/command; in other words, user1 cannot decrypt the file. Only usr2 can decrypt the file. So we have added user1 into the sudoers list in usr2, without password. Now I can run
    user1$> sudo su - usr2
from user1 and then a couple of decrypting and processing commands from the usr2 prompt as:
    usr2$> pgp -p xyz.gz.gpg
    usr2$> gunzip xyz.gz
At this time it won't prompt for any password. I tried to put the same commands in the script as:
    #!/usr/bin/ksh
    sudo su - usr2
    pgp -p xyz.gz.gpg
    gunzip xyz.gz
Then I invoked it from Informatica/user1. But this prompts for the password again, running forever. Even if you manually run the script as
    user1$> ksh backup.ksh
it prompts for the password. When you supply the password, then it works as designed. But the tool cannot supply the password. Hope you got a clear picture. Appreciate your quick response.
This script will not do what you want:
    #!/usr/bin/ksh
    sudo su - usr2
    pgp -p xyz.gz.gpg
    gunzip xyz.gz
But this should:
    #!/usr/bin/ksh
    sudo su - usr2 <<EOF
    pgp -p xyz.gz.gpg
    gunzip xyz.gz
    EOF
The output of "sudo -l" run by usr1 will list the exact command usr1 is allowed to run which may help debug your password problem.
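An added illustration, not part of the original thread, of why the verbatim script fails and the here-document and -c forms work. A plain `sh` stands in for `sudo su - usr2` so it runs without sudo; the `as_target` helper and the `WHO` variable are hypothetical. It goes one step beyond the thread by showing that an unquoted `EOF` lets the calling shell expand variables before the target shell sees them, while a quoted `'EOF'` leaves expansion to the target.

```shell
#!/bin/sh
# Added example, not from the thread. "sh" stands in for "sudo su - usr2";
# as_target and WHO are hypothetical names used only for this illustration.

WHO=caller                 # plays the role of user1's environment
export WHO

# Stand-in for "sudo su - usr2": a child shell with its own WHO value,
# reading its commands from standard input.
as_target() {
    WHO=target sh
}

# 1. Commands written on the lines after the shell invocation: the child
#    reads nothing from the script, exits, and the next line runs in the caller.
verbatim() {
    as_target </dev/null   # no terminal attached, as under a scheduler
    echo "ran as $WHO"
}

# 2. Here document, unquoted delimiter: the commands reach the child, but
#    the calling shell expands $WHO before the child ever sees the text.
unquoted_heredoc() {
    as_target <<EOF
echo "ran as $WHO"
EOF
}

# 3. Here document, quoted delimiter: the text is passed literally and the
#    child shell does the expansion in its own environment.
quoted_heredoc() {
    as_target <<'EOF'
echo "ran as $WHO"
EOF
}

# 4. The shell's -c option with single quotes behaves like case 3.
dash_c() {
    WHO=target sh -c 'echo "ran as $WHO"'
}

for f in verbatim unquoted_heredoc quoted_heredoc dash_c; do
    printf '%-17s %s\n' "$f" "$($f)"
done
```

The script in the thread contains no `$` expansions, so its unquoted `EOF` behaves the same either way.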
This works well. Thank you so much. Since we had set up passwordless sudo, it won't prompt for the password. Now everything is perfect. I have become your fan. Thanks.
(In reply to comment #3)
> This script will not do what you want:
>
> #!/usr/bin/ksh
> sudo su - usr2
> pgp -p xyz.gz.gpg
> gunzip xyz.gz
>
> But this should:
>
> #!/usr/bin/ksh
> sudo su - usr2 <<EOF
> pgp -p xyz.gz.gpg
> gunzip xyz.gz
> EOF
>
> The output of "sudo -l" run by usr1 will list the exact command usr1 is
> allowed to run which may help debug your password problem.