using "su" without keying in the password
Kenneth Almquist
ka at cs.washington.edu
Thu Mar 22 13:28:57 AEST 1990
orr at neptune.UUCP (Rick Orr) asks:
> Is there a way to use the "su" command in a script and have the
> script supply the password, without it having to be typed.
> I have tried several ways without any success.
Su reads the password from /dev/tty. So the only way to get it to
read from something other than the terminal is to run in on a pseudo-
tty, if your version of UNIX has those.
For security reasons, you don't want to have the superuser password
sitting in a file in your system anyway. Consider writing a C program
to do what you want:
#include <stdio.h>
#define ROOTID 0 /* uid of superuser */
#define MYUID 746 /* my uid */
main(argc, argv) char **argv; {
char **arglist;
static char *shell_args[] = {"/bin/sh", NULL};
/* perform security checks */
if (getuid() != MYUID) {
fprintf(stderr, "Permission denied.\n");
exit(2);
}
/* now run the program as root */
arglist = argc > 1? argv + 1 : shell_args;
setuid(ROOTID);
execvp(arglist[0], arglist);
fprintf(stderr, "%s: not found\n", arglist[0]);
exit(2);
}
Now make this program setuid to root, and you have a variant of "su"
which doesn't require a password. But only the user with uid 746 can
run it. You can replace this check with something appropriate for
your particular application.
Kenneth Almquist
More information about the Comp.unix.wizards
mailing list