执行脚本作为另一个用户,而不是根 [英] Execute Script as another user whilst not being root
问题描述
情况:
我想直接从Web的GUI执行shellscript里。的shellscript里属于用户TUX。
由于我的网络服务器正在运行与Apache,我不能执行礼服的shellscript里。
操作系统:CENTOS
I'd like to execute a shellscript directly from a web-gui. The shellscript belongs to the user "tux". Since my webserver is running as apache, I can't execute tux's shellscript. OS: CENTOS
我已经试过:
su -c "/opt/tomcat/bin/shutdown.sh" -s /bin/sh tux
我尝试不同的方法,所提到的一个是它是如何工作时,我被登录为root用户。
I tried different ways, the mentioned one is how it worked when i was logged in as root user.
问:
有没有办法做同样的,而不是根源在哪里?类似的命令,我可以通过用户和密码来执行脚本。
Is there a way to do the same while not being root? Something like a command where I can pass the user AND its password to execute the script.
,因为它取决于TUX的个人资料(其他文件,目录),我不能只是改变剧本的所有权。
I can't just change the ownership of the script because it's depending on tux's profile (other files, directories).
非常感谢提前非常您的帮助!
Thanks very very much in advance for your help!
编辑:我编辑的例子,因为它是错误的。
edit: I had to edit the example since it was the wrong one.
推荐答案
试试这个:
echo "$pass" | sudo -S -u $user script
$通过是您的密码, $用户是谁想要运行脚本的用户。 (此用户必须具有运行该脚本的权限。)
$pass is you password, $user is the user who wants to run the script. (This user must have permission to run the script.)
如果你的用户没有权限,然后尝试运行作为组:
If your user doesn't have permission, then try running as group:
echo "$pass" | sudo -S -g $group script
这组必须具有运行该脚本的权限。
This group must have permission to run the script.
注:传递这样的密码是不是一个好主意。
Note: Passing password like this isn't a good idea.
如果您的用户不能使用sudo:
If your user can't use sudo:
如果您的用户不能使用sudo那么你可以不通过切换用户使用sudo运行该脚本。您应该考虑这种非sudo的用户帐户执行脚本。就因为这一点,该用户必须有权限执行脚本。
If your user can't use sudo then you can't run the script by switching users with sudo. You should consider executing the script with this non-sudo user account. And for that, this user must have permission to execute the script.
做到这一点的方法之一是改变脚本的权限 755 (从sudo的用户):的
One way to do that is to change permission of the script to 755 (from sudo user):
然后,你可以通过在终端输入路径执行脚本。 (如果你的脚本取决于相对路径,请务必 CD 来的脚本运行父目录之前)
Then you can execute the script by entering the path in terminal. (if your script depends on relative path, make sure to cd to the parent directory of the script before running it)
请注意:这将允许任何用户执行该脚本(没有任何验证)
Note: This will permit any user to execute the script (without any authentication)
另一种方式是到非sudo的用户加入到一组有权限来执行脚本:的
Another way is to add the non-sudo user into a group which has permission to execute the script:
在这种情况下,像权限:
In this case, permissions like:
chmod ug+rwx,o-x+r script
#read write xecute permission to user and group and readonly to others
和
chmod u+rwx,g+rx,o-x+r
#read write xecute to user and rx to group and readonly to others
等其中组必须执行该文件会做的伎俩的权利。这比使用 755 许可更安全。
的步骤在此过程中经历:
1.登录到具有须藤privillege的用户帐户。
1.Log in to the user account which has sudo privillege.
脚本,因为只有用户和组的2.Change许可将被允许执行脚本。
2.Change permission of the script as only user and group will be permitted to execute the script.
例如:
chmod u+rwx,g+rx,o-x path/to/the/script
3.加入非须藤用户向当前用户组
3.Add the non-sudo user to the current user group:
sudo usermod -g $USER non_sudo_user_name
#you don't need to edit $USER, only non_sudo_user_name
4.Do在非sudo的用户帐户的新登录。
4.Do a new login in the non sudo user account.
现在,你可以通过运行执行脚本:
Now you can execute the script by running:
/path/to/the/script
请注意:如果你的脚本取决于相对路径,那么你可能需要 CD 来的脚本运行父目录之前,
Note: If your script depends on relative path, then you might need to cd to the parent directory of the script before running it.
这篇关于执行脚本作为另一个用户,而不是根的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
