su pass password to script

Asked 3/10, 2013 at 16:20 Answered 3/8, 2016 at 10:49

I am trying to write a script that will run the following commands:

sudo su
runmqsc_result=`su -c "runmqsc QMGR < /home/rob/query_queue.txt" -m "mqm"`

My issue however, is that these commands are run as part of a shell script, by user that is in the sudoers file. However, obviously sudo su asks for the password of the user running it.

What I need to do is to pass the password to sudo su so that the script will run automatically. How can I do this?

p.s: I can't change the permissions for running "runmqsc"...it HAS to be run as user mqm which needs to be switched to from the root user.

Shadow answered 3/10, 2013 at 16:20 Comment(1)

Just configure sudo to allow executing runmqsc (possibly with the specific arguments) as user mqm without password—that's the primary purpose of sudo. The su is of course superfluous here; sudo already does its job. – Marianelamariani 22/12, 2020 at 9:13

From man sudo:

-S    The -S (stdin) option causes sudo to read the password from the standard
      input instead of the terminal device.  The password must be followed by a
      newline character.

So, while it defies all security principles, echo 'password' | sudo -S su [...] should work.

Alternatively, you could make your script writeable only by root and add the following to /etc/sudoers to allow the user johndoe to run it with root priviledges without having to enter his password:

johndoe ALL = NOPASSWD: /full/path/to/your/script

The part writeable only by root is important to prevent johndoe from modifying the script and executing arbitrary commands as root.

Tercentenary answered 3/10, 2013 at 16:26 Comment(2)

Defying all security principles I did this in Busybox: echo password | su -c reboot – Mcdougal 15/5, 2014 at 8:29

I believe the question was about passing to su, though; in my case, the machine in question does not and will never have sudo on it, so this solution is pretty much dead for su alone. – Hachmin 29/7, 2017 at 1:7

This solution work by using 'script' command from the 'bsdutiles' package that setup a pty (a terminal). The 'sleep' command is there to prevent sending the password before the 'su' command is ready to read it. The 'tail' command remove the "Password:" input line issued by 'su'.

 { sleep 1; echo rootpassword } | script -qc 'su -c "runmqsc QMGR < /home/rob/query_queue.txt" -m "mqm"' /dev/null | tail -n +2

Beware that the rootpassword could be see in many ways (history, ps, /proc/, etc...). Start the command with a space to at least avoid history recording.

Illusion answered 3/8, 2016 at 10:49 Comment(0)

Recommended topics

Hot tags