使用su和Expect脚本登录用户时出现问题 [英] Trouble logging in user using su and expect script
问题描述
我正在为您使用用户名和密码登录的班级创建网站,然后将您带到显示班级成绩的页面.
I am working on making a website for a class that you log into with a username and password, and then it takes you to a page that shows your grades in the class.
该网站使用 bash脚本运行,并将托管在用户使用的计算机上已经具有用于登录的用户名和密码.
The website is being run with a bash script, and will be hosted on a machine where the users already have a username and password to login.
我还有一个名为calcgrade.sh的脚本,它将为当前登录的用户或作为参数传递给脚本的用户计算成绩.
I also have a script called calcgrade.sh that will calculate the grades for either the user who is currently logged in, or the user passed to the script as an argument.
因此,最初,我将使用此命令:
So originally, I was going to use this command:
echo -e "$password\n" | sudo -Sk -u $user ./website/calcgrade.sh
以网站用户身份运行calcgrade.sh.但是,我发现sudo要求输入当前 登录用户的密码,而不是您要尝试以以下方式运行命令的 target 用户的密码.
to run calcgrade.sh as the user of the website. However, I found out that sudo asks for the password of the user who is currently logged in, not the target user you are trying to run a command as.
因此,经过阅读后,我发现一个更好的选择是将su与expect脚本一起使用,但是我无法使其正常工作.这是expect脚本的代码(当前,用户名和密码已进行硬编码以进行测试):
So after some reading, I found a better option would be to use su with an expect script, but I can't get it to work. Here is the code for the expect script (currently username and password are hard coded in for testing):
#!/usr/bin/expect
log_user 0
spawn /bin/su myusername
expect "Password: "
send "mypassword"
spawn "./website/calcgrade.sh"
interact
当我运行此脚本时,它似乎没有使用su登录用户,因为它继续使用我的帐户而不是用户帐户运行calcgrade.sh.
When I run this script, it doesn't seem to log in the user with su, as it goes on to run calcgrade.sh with my account, rather than the user's.
您看到我的脚本出了什么问题吗?还是可以看到一种更好的方式来做我想做的事?
Do you see what is wrong with my script? Or can you see a better way to do what I want?
此外,此方法的另一个问题是calcgrade.sh应该发送一些输出到stderr,但是当我使用expect脚本运行它时,错误消息将发送到网站(服务器正常工作通过将网站的html发送到stdout).有没有解决的办法,还是最好让expect脚本只是用su检查用户名/密码是否正确,如果正确,然后再运行./calcgrade.sh $user?
Also, another problem with this method is that calcgrade.sh is supposed to send some output to stderr, but when I run it with the expect script, the error messages get sent to the website (the server works by sending the html for the website to stdout). Is there a way around this, or might it be better to have the expect script just check with su if username/password is correct, and then if so, then run ./calcgrade.sh $user afterwards?
推荐答案
首先,这是做您想做的正确方法:
First of all, here's the correct way to do what you want to do:
- 授予您的Web服务器用户
sudo权限,使其能够以任何用户身份运行./website/calcgrade.sh,而无需输入密码. - 让Web服务器对用户进行身份验证,但是您认为合适.
- 让它运行
sudo -u someuser ./website/calcgrade.sh,不需要密码.
- Give your web server user
sudopermissions to run./website/calcgrade.shas any user, without requiring a password. - Have the web server authenticate the user however you see fit.
- Have it run
sudo -u someuser ./website/calcgrade.sh, no password required.
现在让我们看看为什么您的方法不起作用:
Now let's look at why your approach didn't work:
通常认为su会切换用户.不是这种情况.实际上,它启动了一个以其他用户身份运行的新Shell.
It's commonly believed that su switches user. This is not the case. It actually starts a new shell running as another user.
这意味着您无法生成su otheruser,让它完成,然后再生成calcgrade.sh.
This means that you can't spawn su otheruser, let it finish, and then afterwards spawn calcgrade.sh.
相反,您必须运行su otheruser,然后将命令发送到su启动的外壳程序:
Instead you have to run su otheruser, and then send commands to the shell that su starts:
#!/usr/bin/expect
log_user 0
spawn /bin/su someuser
expect "Password: "
send "somepassword\n"
# Now wait for a prompt and send the command to run
expect "$"
send "./website/calcgrade.sh\n"
interact
这篇关于使用su和Expect脚本登录用户时出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
