1

Recently I am stuck with a Java program. My requirement is, I have to restart my snmp service through java code in my Ubuntu machine. Normally We can do the same with 

Runtime.getRuntime().exec("service snmpd restart");

Above code is working fine if I log in to the system with ROOT user. But now the requirement came that, it may possible client machine doesn't have root permission. In that case to restart the snmp one need to execute the command with sudo "sudo service snmpd restart". This command will ask for machine password and after entering the password system will restart the service.

Now whenever I am trying to execute the java code with the below code, it's not restarting the service. ecasue it doesn't have the option to receive the password. Runtime.getRuntime().exec("sudo service snmpd restart");

So, please help me to find out a way to restart a service with java when user is not a root user and need to start a service with sudo command.

Souvik Bhattacharya
  • 177
  • 1
  • 10
  • As someone commented - "You can configure sudo to allow a specific command to run without a password. This doesn't require you to know the password." Do that, don't put passwords in java... – hovanessyan May 20 '13 at 21:06
  • Can you help me to get the configuration to configure sudo without password – Souvik Bhattacharya May 20 '13 at 21:11

3 Answers3

3

I'm almost sure that you will not be able to intercept the input for password as that would be a security issue. -- See Ricardo Cachiera's answer.

Regardless I don't recommend you do -S. My recommendation is that you configure sudo to let the java user run the snmpd with out a password (ie NOPASSWD).

So you'll have to know what user you are going to use to the Java code. Once you do, do this in a terminal:

sudo visudo

Add a line something like:

myusername ALL = (root) NOPASSWD: /etc/init.d/snmpd

You may have to make a wrapping shell script (as sudo doesn't support argument security) if you want to use the service command instead of sudo /etc/init.d/snmpd.

Community
  • 1
  • 1
Adam Gent
  • 47,843
  • 23
  • 153
  • 203
2

try that:

Runtime.getRuntime().exec("$echo <password> | sudo -S service snmpd restart");

It's a work solution although it's not the best solution in matter of security, because the password can be read by anyone that have access to JAR File.

Ricardo Cacheira
  • 797
  • 4
  • 6
  • 1
    The user could replace `sudo` in their path with something to echo piped input, thereby acquiring the password. This is a very insecure solution. -1 – le3th4x0rbot May 20 '13 at 22:40
  • It was my mistake, not saying that this was not the best solution. But This was a direct response to what the user asked. – Ricardo Cacheira May 20 '13 at 23:47
  • I like the response with the caveat that the password will be readily obtainable by anyone possessing the JAR file. Perhaps it is just a cron job, and it doesn't matter... then it is great. As an end user app, it is kinda risky. I will change my vote to +1 if you edit the answer. – le3th4x0rbot May 21 '13 at 00:01
  • +1 for a quick solution. – le3th4x0rbot May 21 '13 at 18:53
1

My suggestion has nothing to do with programming. Just modify your Sudoers file to allow users of your program to run the desired commands with NOPASSWD.

For a generic solution:

MY_APP_USERS MY_APP_HOSTS= NOPASSWD: MY_APP_CMDS.

When, the user tom (Part of MY_APP_USERS) runs sudo service snmpd restart (Part of MY_APP_CMDS) in one of the MY_APP_HOSTS he will be granted permission without using a password.

And a specific solution (without Aliases):

 # tom will be able  to run sudo /usr/sbin/service snmpd restart at userver 
 tom userver=(root) NOPASSWD: /usr/sbin/service snmpd restart
Anthony Accioly
  • 21,918
  • 9
  • 70
  • 118
  • I'm just curious: did you completely miss my answer that was posted an hour earlier than yours or did you think it was not a good answer. – Adam Gent May 21 '13 at 12:20