Re: how to change user in shell
--
"neoedmund" <neoedmund@gmail.com> wrote in message
news:1165586016.860414.286000@j72g2000cwa.googlegr oups.com...
Old Man �$B$N%a%C%;!<%8�(B:
> neoedmund wrote:
> > Barry Margolin �$B$N%a%C%;!<%8�(B:
> >
> >
> >>In article <1165451263.720470.220230@l12g2000cwl.googlegroups .com>,
> >> "neoedmund" <neoedmund@gmail.com> wrote:
> >>
> >>
> >>>Janis Papanagnou �$B$N%a%C%;!<%8�(B:
> >>>
> >>>
> >>>>neoedmund wrote:
> >>>>
> >>>>>i login as userA
> >>>>>in a shell X, i want to run shell Y in name of userB,
> >>>>>i know both password of userA and userB
> >>>>>how can i do it?
> >>>>>thanks!
> >>>>>
> >>>>
> >>>>The command to switch user is
> >>>>
> >>>>su - userB
> >>>>
> >>>>If the users default shell is not shell Y then simply
> >>>>start it, e.g. if Y is a Kornshell...
> >>>>
> >>>>ksh
> >>>>
> >>>>To leave the new shell type exit.
> >>>>To leave the su command type exit.
> >>>>
> >>>>Janis
> >>>
> >>>thanks, but su - userB will ask for password on the console, i'd like
> >>>to make "su - userB" automaticly in shell X without user interactive.
> >>>how to do it? thanks in advance.
> >>
> >>You wrote "I know both password of userA and userB." How do you expect
> >>to prove this if you don't want it to ask for the password?
> >
> >
> > I am ready to provide the password by a text file or some readable
> > string.
> > the password and security is not mean to me in this case, the
> > automation is mean to me because i donnot like to type password in
> > every task and at any time. and i have no root password.
> > have i something wrong?
> >
> > the method of ssh provided by Bill is reasonable, thanks to all.
> >
>
> What seems to be missing here is the concept of why a password is
> required and a refusal to accept that concept. In the realm of
> security, the password must not be compromised. Putting it into a text
> file is totally unacceptable. Have you ever considered "why the writers
> of the software made it this way in the first place?"
>
> For those who are willing to compromise "their own" security, whether
> right or wrong, the writers of SSH gave a way to use a passwordless
> secure certificate as someone already stated in this thread. This is a
> very reasonable approach to circumventing the system security.
>
> Think about this for a moment: Automated logins are like posting your
> door keys outside on a bulletin board with your address and the hours
> that you won't be at home?
>
> If I may be allowed a tacky moment: Have you tried installing a UPS on
> the system, logging into the system, then never logout? It would save
> you a lot of precious time. You could power off the terminal screens
> for security. Tacky off.
>
> This is a good technical forum with "free" answers and minimum effort on
> your part. There are many capable contributors that others get
> started in the UNIX world without the years of grief that it would take
> without these folks assistance. You could say that this forum is hosted
> by the "good guys".
thank you Old Man,
saving password to plain text file may not always be unacceptable,
because i think you can set the permission to self-readonly,
so only the file owner and root can access the content.
am i right?
-----------------
You are correct in concept, but reality provides some caveats. I have
been personally burned by doing what you described. In this long
response, these two situations were real events, regardless of right or
wrong or specifications:
1. I had a home directory on a system that was archived on remote
tape silo using a tar format. The tape was left laying unprotected
overnight by the lazy backup operator. A malicious co-worker that
exists in most groups, read the tape onto "his" system in a subdirectory
of his home directory, then replaced the tape. He extracted data at his
wishes from the archived data. Since I had many programs with
read-only passwords, he trashed me in front of the group and manager
by revealing information that only I could have known from files he
recovered. I know this for fact since I got the "root" holder to
investigate
the bad boy's directories.
2. In another company, I had a system with home directories for many
people. I wrote scripts that were only in "my" home directory. All of my
password files were read-only to me. My home directory was
searchable/readable by all (755). Another kind co-worker copied my
whole directory to his home, cruised my files, and used files "still in
development" to make me look really bad. Since this system was not
tape archived, I again had passwords in files. He now had access to
everything that was not ready to be released.
The primary moral is that even though you have read-only on a file,
it is still bad practice because, as I have experienced, I did not have
full control on other factors or actors.
If you want to protect your home from copying by other sweeter
darlings of the "team", make your home directory unsearchable and
unreadable by group or other.
Another lesson: After making all of my directories and
subdirectories inaccessible to anyone but me (700), I was accused by
the group as "not being a team worker".
Do you see this as a negative response? Live through what I did and
you will learn what negative really is.
I think that it would be very nice if you could learn from my mistakes.
I am still a group-non-teamworker; all of my directories have permissions
of 700. I don't have clear-text passwords anywhere except in my PDA.
Realize that there are loving individuals with smiling faces much closer
than you think; that is why we have mandatory passwords. I suggest
that you use the given tools to protect yourself, and let me be the one
with the negative experiences; your life will be much better.
I hope that this is taken with good heart as was intended.
Old Man
|
06/12/2006, 12h51
