13

Trying to write a Java program capable of running a UNIX command as a different UNIX user. I have the user's password, and I know the command I want to run, but the command has to be run as that user - so I have to login as that user first.

For example: say we have a user, jim, who wants to see what's in bob's home directory, and (for whatever reason) jim has access to execute ls whereas bob does not. We are currently logged in as bob. Here is what we (could) do:

bob@host$ su jim && ls ~bob

Problem is, we get prompted for jim's password. Since this is run from a Java program, i.e.

Process p = Runtime.getRuntime().exec("su jim && ls ~bob");

we get prompted for jim's password and hung up. We know jim's password. However, I can't enter it.

Additionally, we can't use an Expect script (don't have it installed) and we can't become the superuser. I also looked into using SSH to try this, since we could technically do

bob@host$ ssh jim@host "ls ~bob"

but this also doesn't work since I don't have permission to setup passwordless SSH.

My last-ditch effort is to try and use an SSH library for Java, since the password is available to the Java program and I would be able to login with that (and execute the proper command). But since I'm going to be running on the same host, it seems like overkill.

Any suggestions?

P.S: Java version 1.4.2, can't upgrade; AIX UNIX 5.3.

Glen Balliet
  • 1,097
  • 2
  • 12
  • 21
  • were you able to find a workaround without using a third party library, if so can you please share? – HyperioN Jul 12 '17 at 05:36

6 Answers6

8

Have sudo installed, have the user running the Java program entered in /etc/sudoers for the commands in question, and use sudo -u jim ls ~bob.

DevSolar
  • 67,862
  • 21
  • 134
  • 209
  • This isn't a solution. Unfortunately, I can't modify the system in anyway - including installing sudo. – Glen Balliet Jun 18 '09 at 14:07
  • 2
    You need to switch hosts then. – Andrew Jun 18 '09 at 14:10
  • Agree with Andrew. If your host doesn't allow you stuff like pubkey SSH, and you cannot even get "sudo" installed, then chances are anything you could come up with regarding your "su" scheme, while perhaps possible, isn't allowed by your hoster either, and you're bound for trouble. Find a hoster allowing sudo, it's about the only sensible solution. – DevSolar Jun 18 '09 at 15:08
  • Just realized I never addressed these comments. This was a work-related question, and the company I worked for at the time had sufficient red tape such that around their servers that obtaining sudo access by any means would have been impossible. – Glen Balliet Sep 25 '12 at 02:13
  • 1
    @GlenHunt: I know the type. Red tape written by people who don't know the first thing about the technologies involved, and outlaw everything they don't understand, forcing those who *do* know their stuff to use second-grade workarounds instead of doing things the right (and secure) way... condolences. – DevSolar Sep 25 '12 at 07:32
6

Problem solved. Used JSch (http://www.jcraft.com/jsch/) to SSH into the server with known username and password, and execute command. Thanks all for your suggestions!

Glen Balliet
  • 1,097
  • 2
  • 12
  • 21
0

Possibly a java implementation of Expect? ExpectJ comes up when googling but I couldn't find any documentation regarding running under 1.4.2.

lucas
  • 6,951
  • 4
  • 33
  • 34
  • This might be a solution. Thanks for the tip. – Glen Balliet Jun 18 '09 at 14:24
  • Well, ExpectJ looks like it should work - managed to get the dependencies copied over and built. Problem is, though, ExpectJ uses StringBuilder, which didn't get implemented until 1.5. Any suggestions? – Glen Balliet Jun 18 '09 at 14:53
  • You can ask the ExpectJ people if they have an old version around (there isn't one on sourceforge). If the only problem is the StringBuilder, you should be able to modify the code yourself. – Kathy Van Stone Jun 18 '09 at 15:38
0

Have you tried redirecting the sudo commands input and writing to that. I haven't used Java in a while but I believe there is a way to get the input stream and write to it. You could use that to write the password followed by a new line and sudo or su should accept the password.

Use getInputStream() and write your password out to that.

su jim -c ls ~Bob
Stephan
  • 5,430
  • 2
  • 23
  • 31
-1

Perhaps this would work:

Process process = Runtime.getRuntime().exec("su jim && ls ~bob");

OutputStream standardInput = process.getOutputStream();
Writer standardInputWriter = new OutputStreamWriter(standardInput);
standardInputWriter.write("password\n");
standardInputWriter.close();
Adam Paynter
  • 46,244
  • 33
  • 149
  • 164
-1

I'm not sure this code:

Process p = Runtime.getRuntime().exec("su jim && ls ~bob");

will be executed in a shell, needed to evaluate the &&, that is a shell command (/bin/sh). You should pass the command "ls ~bob" via a command line swith of su. Something like:

su jim -c 'ls ~bob'
dfa
  • 114,442
  • 31
  • 189
  • 228