
I got a script from this question (see the accepted answer). It works great with my own username, but when I try to execute it as follows:

```
sudo bash ./scriptname.sh username password
```

and give my password, at first it says "can't run as root". I realized that the script contained this originally, so I removed some lines to eventually look like this:

```bash
#!/bin/bash
#
# login.sh $USERNAME $PASSWORD

export LC_ALL=C


if [ ! $# -eq 2 ]; then
        echo "Wrong Number of Arguments (expected 2, got $#)" 1>&2
        exit 1
fi

USERNAME=$1
PASSWORD=$2

#since we use expect inside a bash-script, we have to escape tcl-$.
expect << EOF
spawn su "$USERNAME" -c "exit"
expect "Password:"
send "$PASSWORD\r"


set wait_result  [wait]

# check if it is an OS error or a return code from our command
#   index 2 should be -1 for OS error, 0 for command return code
# (Tcl requires "else" on the same line as the closing brace of the if body)
if {[lindex \$wait_result 2] == 0} {
        exit [lindex \$wait_result 3]
} else {
        exit 1
}
EOF
```

but now I'm getting:

```
spawn su username -c exit
send: spawn id exp6 not open
while executing
"send "password\r""
```

I saw this question but the answer didn't help me; my script runs fine with my own username but not with root.

I also saw this but it doesn't relate to the job of my script.

So what to do?

Edit

I have a Java application which needs root access to accomplish some tasks, and as such I'm running it with sudo.

At the same time the application needs to execute this script. I can execute a script perfectly from Java; I just need the script to be correct.

The application is a server that responds to clients. When the client signs up, the server creates users and groups. I managed to create the users and the groups (that's why the application needs to be run as root).

So what I want to work out here is the authentication. I saw that script and thought of using it, but then I had the problem I stated.

So what to do in this situation?

niceman
  • The original code explains why running as root doesn't work. There's no password prompt to wait for in that case as `su` doesn't require root to enter a password. – Etan Reisner Nov 23 '15 at 17:07
  • @EtanReisner I see. So how to make it run under root? – niceman Nov 23 '15 at 17:16
  • With this method of testing passwords I'm not sure you can as such. – Etan Reisner Nov 23 '15 at 17:26
  • @EtanReisner Hmm, are there other methods which work under root? – niceman Nov 23 '15 at 18:05
  • I'm not sure off the top of my head but this sounds a bit like an [XY problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem). What are you *actually* trying to do here? – Etan Reisner Nov 23 '15 at 18:08
  • @EtanReisner see my Edit – niceman Nov 23 '15 at 18:14
  • You just want to control which users can run the script as root? So use `sudo` for that. List the appropriate users as people who can run `sudo script`? – Etan Reisner Nov 23 '15 at 18:18
  • Maybe you should have the first `su` run a second `su`; the first `su` can become `bin` or some other user; the second can attempt to become the user whose password you're validating: `spawn su bin -c "su $USERNAME -c "exit"`. The first `su` should succeed without prompting because you're starting as root; the second should only succeed if the password is correct. – Jonathan Leffler Nov 23 '15 at 18:21
  • @JonathanLeffler Could you show some sample code? No matter how I try I get "unexpected end of file" – niceman Nov 23 '15 at 18:41
  • Oh flip! I didn't delete the double quote _before_ `exit`, which, being a single word command with no metacharacters, doesn't have to be quoted to be safe. Sorry about the typo. It should be: `spawn su bin -c "su $USERNAME -c exit"` (if it is going to work at all). – Jonathan Leffler Nov 23 '15 at 18:45
  • @JonathanLeffler I verified that the original script exits with 1 whether the username and password are correct or not. Why is that? – niceman Nov 24 '15 at 01:12
  • Don't know; presumably, something is failing. Forget I suggested anything, then. You might, I suppose, check that there is a user `bin` on your system; you can choose any non-root user instead of `bin` or the user you're trying to validate. – Jonathan Leffler Nov 24 '15 at 01:20
  • @JonathanLeffler I think I know the issue: I don't have the lindex command. Executing lindex in a terminal shows "command not found". I'm using Arch Linux but don't know what package I need to get the command – niceman Nov 24 '15 at 01:23
  • The `lindex` 'command' is part of Tcl/Tk and hence Expect. If you "don't have the `lindex` command", then you appear not to be running something Tcl-ish. I've forgotten the minutiae of Tcl/Tk and Expect at this point; I'd have to dig out the manual. – Jonathan Leffler Nov 24 '15 at 01:28
  • Note - generally speaking, you should NOT need root/sudo to 'test' a login/password combo - just use them directly (pass/fail...) Root/sudo Only, perhaps needed if resetting/creating/removing users. Also possible to create a solution where you use non-root/system account to manage 'application users' - reduce likelihood that 'app compromise' == 'system compromise'... :) – Dale_Reagan Nov 27 '15 at 00:28
  • @Dale_Reagan the system doesn't need root for testing a login/password but it needs root access for creating users and groups. – niceman Nov 27 '15 at 10:54
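
The failure discussed in the comments (no password prompt when `su` is started by root, so `send` hits a closed spawn id) can be reported as a distinct status instead of an Expect error. The following is an added example, not code from the question or from the answer it links to; the function names, the `CHK_USER`/`CHK_PASS` variables, the username policy and the exit codes are assumptions of this example, and it assumes the `su` prompt ends in "assword:".

```bash
#!/bin/bash
# Added example (not the original script). Exit codes are this example's own:
#   0 accepted, 1 rejected by su, 2 refused to run, 3 no password prompt seen.
export LC_ALL=C

# Conservative account-name check (assumed policy): non-empty, no leading '-',
# only letters, digits, '.', '_' and '-'.
valid_username() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# check_password USER PASSWORD
check_password() {
    valid_username "$1" || return 2
    # su does not prompt when the caller is root, so the test means nothing there.
    if [ "$(id -u)" -eq 0 ]; then
        echo "check_password: must not run as root" >&2
        return 2
    fi
    # Quoted heredoc: the shell expands nothing inside it. User and password
    # reach Tcl only as data through the environment.
    CHK_USER=$1 CHK_PASS=$2 expect <<'EOF'
log_user 0
set timeout 10
spawn su $env(CHK_USER) -c exit
expect {
    "assword:" { send -- "$env(CHK_PASS)\r" }
    eof        { exit 3 }
    timeout    { exit 3 }
}
expect eof
# wait returns {pid spawn_id os_error status}; os_error is 0 on a normal exit
set result [wait]
if {[lindex $result 2] == 0} {
    exit [lindex $result 3]
} else {
    exit 1
}
EOF
}
```

A root-owned service would call `check_password` from a process that has already switched to an unprivileged account, which is the separation the last comments describe.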
