Executing unix command from script

Neminath has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: Executing unix command from script by Tanktalus (Canon) on Jul 08, 2008 at 16:47 UTC
Welcome to unix. A bit of convolution, but still far simpler than the Windows security model, IMO. (Though still not perfect, but I digress.) First off, just because you can't log in as root doesn't mean you can't log in as root. ;-) It just means you can't log in via gdm (the GUI) as root - a good thing by any security-minded definition. You should be able to gain root access in any number of other ways, some requiring a password, others have the password as optional. What I've done in the past is set up sudo to allow running of a particular command without a password. In my case, I want to run it as a particular user, so I have: `%build ALL=(nobody) NOPASSWD: /full/path/to/script` [download] With this, anyone can run "sudo -u nobody /full/path/to/script" and not be asked for a password. Well, that's great, but a bit cumbersome. So my script does this: `# Are we the right user? use User::pwent; my $user_wanted = 'nobody'; my $user = getpwnam($user_wanted); if ($< != $user->uid()) { exec(qw(sudo -u), $user_wanted, $0, @ARGV); } [...]` [download] Now I can just run /full/path/to/script, and it will exec itself as the right user if it isn't already. Hope that helps.	[reply] [d/l] [select]
Re: Executing unix command from script by pc88mxer (Vicar) on Jul 08, 2008 at 16:41 UTC
You can configure `sudo` to not ask for a password. See the `NOPASSWD` option in `man sudoers`.	[reply] [d/l] [select]
Re: Executing unix command from script by moritz (Cardinal) on Jul 08, 2008 at 17:04 UTC
You can configure sudo so that it doesn't ask for a password when executing particular commands. Note that is a huge security hole if done wrong. See `man 5 sudoers` for a description of the configuration file syntax.	[reply] [d/l]
Re: Executing unix command from script by taffer (Novice) on Jul 08, 2008 at 16:49 UTC
Another possible solution is to create a shell script or an expect script that could do the sudo cmd and supply the password to it, then call this script from perl. It is a bit of an ugly solution, but should work.	[reply]
Re: Executing unix command from script by sgifford (Prior) on Jul 09, 2008 at 02:29 UTC
Any idea something like if i invoke my script with root privileges those privileges are inherited to commands in the script which avoids prompting of password each time That's actually exactly what happens: if your script runs as root, anything it runs will also run as root. If you run your main script under `sudo`, it will run as root, so none of the commands it runs should need `sudo` to run. -- sgifford's Web page	[reply] [d/l] [select]
Re: Executing unix command from script by philipbailey (Curate) on Jul 08, 2008 at 20:47 UTC
Another way, not mentioned so far, is to set the "setuid" bit on the executable file. This assumes the file is owned by root. Something like: `chmod u+s script.pl` [download] As for any method giving ordinary users elevated privileges, there are security issues. You may need to check that Perl has been compiled with the "ENABLE_SUIDPERL" option. There may be other complications--but this is something else for you to consider.	[reply] [d/l]


Perl-Sensitive Sunglasses
	PerlMonks