0

I have 2 users: usr1 and usr2. Neither is a root user.

usr1 starts a bash script. And from the script, I want to run some commands as usr2. I understand that the way to do it is:

```
su -l <usr2> -c "command"
```

The issue is with passing the password. These are 2 different users with different privileges, so, skipping the password for usr2 is not an option.

This script can go interactive, and ask the user for the password. Is there a way to do this in a bash script?

Note: I am not an expert with scripting. And I have done some research before asking this question, but I couldn't find a suitable answer.

singleX
  • Would adding the NOPASSWD option in the sudoers file be an option for you? – Jason Sep 20 '18 at 14:30
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Sep 20 '18 at 14:33
  • @Jason: Nope, security is of utmost importance, and skipping the password is a big NO – singleX Sep 20 '18 at 14:41
  • @jww thanks for pointing out. I will try other forums – singleX Sep 20 '18 at 14:41
  • Isn't the script already prompting for usr2's password when executed interactively? Can you include a MCVE and terminal transcript? – that other guy Sep 20 '18 at 16:25
  • You can use echo as suggested on [this post](https://stackoverflow.com/questions/3980668/how-to-get-a-password-from-a-shell-script-without-echoing) – eorochena Sep 20 '18 at 16:35
  • @thatotherguy: I have 30-40 commands which need to be run as usr2, so I want a solution where the script asks the user for the password once, and uses it from then on when a su command is run – singleX Sep 20 '18 at 16:42
  • @eorochena: I saw a post where password is echoed and piped to the su command. But, that post also says that it's not a recommended way to do it. – singleX Sep 20 '18 at 16:43
  • @Manoj Use one `su` that runs all the commands then? The easiest way is to put them all in a separate script and run that with `su`. It's true that it's not recommended to echo passwords to `su`, but the primary reason for that is that people hard-code the password in the script and that's strictly worse than not requiring a password. – that other guy Sep 20 '18 at 17:05
  • @thatotherguy That is a good option which I can look at... Thanks – singleX Sep 20 '18 at 17:52

1 Answer

1

You can try using the read command (see its man page), as in the example below:

```bash
#!/bin/bash

# -s hides the typed characters, -r keeps backslashes literal
read -r -s -p "Enter your password: " pass
echo "$pass"
```

In that case you will need to use /bin/su -c along with sudo -S

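```bash
#!/bin/bash

user=$1    # target user, passed as the first argument
read -r -s -p "Enter pass: " pass
# sudo -S reads the password from standard input
cmd=$(echo "$pass" | sudo -S <some-command>)
# double quotes so that $cmd is expanded before su runs it as $user
su -c "$cmd" - "$user"
```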

Where user=$1 is an additional bash argument, in this case the user ID for usr2. Then just run it:

```
$ sudo bash -x ./password.sh <target-user>
```
eorochena
  • The issue is how to use this password for running commands as su -l user – singleX Sep 20 '18 at 17:51
  • You can try to use /bin/su along with /usr/bin/sudo. I updated my answer to reflect this, but probably a better approach would be to use Linux file ownership and permissions to control which user can execute it via groups. – eorochena Sep 20 '18 at 19:16
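
An added example (not from the original question or answer) of the approach suggested in the comments under the question: batch every command meant for the second user into one `su` call, so that `su` itself prompts once on the terminal and the script never reads, stores or pipes the password. `build_batch`, `run_batch_as` and the `SU_CMD` dry-run override are hypothetical names, and the target user's login shell is assumed to be POSIX-compatible.

```shell
#!/bin/bash
# Added example, not code from the original post.
# Usage (assumed file name): ./run_as.sh usr2 'first command' 'second command'

# build_batch CMD...
# Print one script text: "set -e" followed by each command on its own line,
# so the batch stops at the first command that fails.
build_batch() {
    [ "$#" -gt 0 ] || { echo "build_batch: no commands given" >&2; return 2; }
    printf '%s\n' 'set -e'
    for c in "$@"; do
        printf '%s\n' "$c"
    done
}

# run_batch_as USER CMD...
# Exactly one su invocation, hence exactly one password prompt.
# SU_CMD is a hypothetical override that lets a dry run replace su with a stub.
run_batch_as() {
    user=$1; shift
    batch=$(build_batch "$@") || return
    # su asks for the password on the terminal; this script never sees it.
    "${SU_CMD:-su}" -l "$user" -c "$batch"
}

main() {
    # su needs a terminal to prompt on; fail early when there is none.
    [ -t 0 ] || { echo "stdin is not a terminal, su cannot prompt" >&2; return 1; }
    # Refuse an unknown target user before su is started.
    id -u "$1" >/dev/null 2>&1 || { echo "unknown user: $1" >&2; return 1; }
    run_batch_as "$@"
}

# Only act when arguments were given, so the functions can be reused elsewhere.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The batched commands are passed as the `-c` argument and are therefore visible in the process list, so they should not contain secrets themselves.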