Escalating to a root shell

(Continuing from here.)
Here's my situation:
Basically, I want to be able to escalate to root several times during the script, but not perform all commands as root. And I don't want to have to prompt the user for a password every time root privs are required because the process will be lengthy. The best way to do that would be to escalate the script into a shell with new permissions, but I don't know how.
I figure I have two practical solutions:
a)
In the script, start a new shell that continues execution from that point on.
Basically what I want is:
    normal code
    launch root shell
    as root, spawn a shell as the original user
    continue execution as original user
    on a whim, exit the user shell back to the root shell to perform some root commands
    get a new user shell to continue execution as the user
    exit user shell
    exit root shell
    exit program
But I don't know how to launch a new shell and continue execution from that point.
b)
Fork off a process as root and loop while waiting for commands and send root commands to execute to it through a secure named pipe.
But I need the pipe to be secure (i.e., don't want malicious programs to feed their own data into the pipe) but don't know how to secure a pipe.
(Alternative solutions are welcome too, the link points to my original question along these lines.)
I would prefer method b, but I'm really not choosy. I just want to perform building of packages and various setup therefore not as root, but be able to escalate to root for package installation.
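
Option (b) above, as an added sketch that is not part of the original post: the FIFOs live in a private 0700 directory, and the root helper acts only on an allowlist of tokens, never on raw pipe data. The function names, the two tokens, STAGE_DIR and rootpipe.sh are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. make_channel, serve, run_action, request
# and the two request tokens are hypothetical names.

# Create both FIFOs inside a fresh directory. mktemp -d makes it mode 0700 and
# umask 077 makes the FIFOs 0600, so only the invoking user (and root) can
# reach or open them. Prints the directory path.
make_channel() (
    umask 077
    dir=$(mktemp -d "${TMPDIR:-/tmp}/rootpipe.XXXXXX") || exit 1
    mkfifo "$dir/req" "$dir/ack" || exit 1
    printf '%s\n' "$dir"
)

# The only things the root helper will ever do. STAGE_DIR is fixed when the
# helper starts; nothing read from the pipe ends up in a command line.
run_action() {
    case $1 in
        install-staged)  install -m 0755 "$STAGE_DIR"/bin/* /usr/local/bin/ ;;
        refresh-ldcache) ldconfig ;;
    esac
}

# Root side: read one token per line, act only on allowlisted tokens, and
# answer on the ack FIFO. Ends when the client closes its end of req.
# A process running as the same user can still write to req, so the
# allowlist, not the file mode, is what bounds what root will do.
serve() {
    exec 3<"$1/req" 4>"$1/ack"
    while IFS= read -r token <&3; do
        case $token in
            install-staged|refresh-ldcache)
                if run_action "$token"; then echo ok >&4; else echo failed >&4; fi ;;
            *)  echo denied >&4 ;;
        esac
    done
    exec 3<&- 4>&-
}

# User side: expects fd 3 open for writing on req and fd 4 for reading on ack.
# Prints the helper's answer: ok, failed or denied.
request() {
    printf '%s\n' "$1" >&3
    IFS= read -r reply <&4 && printf '%s\n' "$reply"
}

# Typical wiring (constructed; rootpipe.sh is this file):
#   dir=$(make_channel)
#   sudo -v                               # the only password prompt
#   sudo sh -c '. ./rootpipe.sh; STAGE_DIR=$2 serve "$1"' \
#        sh "$dir" "$PWD/stage" &
#   exec 3>"$dir/req" 4<"$dir/ack"        # same open order as serve
#   ./configure && make                   # unprivileged work
#   request install-staged                # root work, no new prompt
#   exec 3>&- 4<&-                        # helper sees EOF and exits
```

Both sides open req first and ack second; swapping the order on one side deadlocks, because opening a FIFO blocks until the other end is opened.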

ralvez wrote:
I think that what you need is a top-down approach.
You start the script with the higher level authority (root) and therefore you can su to any user in the system (without using a password) when you need to act as a regular user.
This script will get you started as root.
    # Refuse to run unless we are root (UID 0).
    # id -u also works in shells that do not set $UID.
    user=$(id -u)
    if [ "$user" -ne 0 ]
    then
        echo "Sorry. Only the ROOT user can run this program !" >&2
        exit 1
    else
        echo "###############( Updating Programs )###############"
        echo
        echo "Start: "
        date
        # su myuser
        # other commands as user here
    fi
Hope this helps.
R.
Wouldn't that switch over to a user session, effectively halting the script that is running in the root session until the user manually exits from the user session, and then continue from the line after the "su myuser" in the root session, as the script is only running in the root session and not in the user session?
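
The top-down approach with the objection above addressed, as an added example that is not part of the thread: giving su a command with -c runs that one command as the user and returns to the root script, whereas a bare "su myuser" opens an interactive shell. as_user, BUILD_USER, BUILD_DIR and the build commands are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. as_user, BUILD_USER and BUILD_DIR are
# hypothetical names; the configure/make steps stand in for the real build.

# Account for the unprivileged steps: the user who invoked sudo, or the
# current user when the script was started directly.
BUILD_USER=${SUDO_USER:-$(id -un)}
BUILD_DIR=${BUILD_DIR:-/srv/build}

# Run one command line as user $1 and return its exit status.
# `su user -c '...'` runs the command and comes straight back to this script.
as_user() {
    target=$1; shift
    if [ "$(id -un)" = "$target" ]; then
        sh -c "$*"                  # already that user, nothing to drop
    elif [ "$(id -u)" -eq 0 ]; then
        su "$target" -c "$*"
    else
        echo "as_user: must be root to switch to $target" >&2
        return 1
    fi
}

main() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "Run this script through sudo." >&2
        return 1
    fi
    export BUILD_DIR
    # Build as the user, install as root, clean up as the user again.
    as_user "$BUILD_USER" 'cd "$BUILD_DIR" && ./configure && make' || return
    make -C "$BUILD_DIR" install || return
    as_user "$BUILD_USER" 'cd "$BUILD_DIR" && make clean'
}

# Only act when asked to, so the file can also be sourced for as_user alone.
case ${1:-} in
    --run) main ;;
esac
```

Started as "sudo ./script --run", the password is asked for once and every later switch between root and the user happens without a prompt.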

Similar Messages

  • Root shell from KADB ?

    Anyone here remember the macro to drop into a root shell from kadb ??
    I have a system which is located on a remote site and I really don't feel like driving 2 hours to recover the system password. I remember using a kadb macro a while back to get around this. I tried looking through docs.sun.com & google with no luck so I'm posting here, thanks.
    rbrown[@]doitt.nyc.gov

    1. How come that on one Mac the root shell setting is /bin/tcsh
    That Mac probably came with 10.2 and has been upgraded, keeping your default shell which would have been set to tcsh originally.
    Yes I think you are correct.
    It doesn't matter (although it may confuse you) but baltwo has told you one good way to change it.
    Thanks for this. I now understand!

  • Wrong root - shell

    I tried to be clever and changed the shell in passwd. Seems like I typed something wrong... now whenever I try to log on, I get the error "wrong shell". How can I change the shell without doing a reinstallation ??
    Thanks,
    Jan

    Hi,
    <pre>
    I am assuming it is an intel system. You need to do the steps
    that you would do for the installation, till you see CDE(windows)
    and then you stop the installation. You need to boot the system
    using the floppy and then with the CD, when it asks you for
    IPaddress and other stuff don't answer that, right click the
    mouse and open one more console/terminal window.
    Run the fsck on the root slice(for ide disk most likely:
    /dev/dsk/c0d0s0). Mount that slice onto /a or /mnt partition.
    #mount /dev/dsk/c0d0s0 /mnt
    #vi /mnt/etc/passwd
    and correct the entry.
    # umount /mnt
    #halt
    </pre>
    Hope this helps.
    Thanks
    Kalpesh

  • Root-shell doesn't source /root/.bashrc

    Moin
    When I change to the root user the bashrc is not sourced. No matter if I "su -" or login as root, the /root/.bashrc is not sourced. I need to manually type "source ~/.bashrc".
    On all other Linux-distros I ever used this was done automatically.
    How can I change this behaviour?
    Thanks in advance.

    both .bashrc and .bash_profile are available from /etc/skel. Usually, the contents of this directory are copied to a new user's home directory when using the useradd command. I'm not sure why they're not added to the /root directory on a fresh install. The answer is probably on the arch-dev-public mailing list.

  • ZTE Open C, brand new, following instructions bootloader will not unlock; have rooted terminal

    Locking this thread as duplicate, please continue at https://support.mozilla.org/en-US/questions/1014768
    I bought the device for developing purposes and just got it today. I am a US user by the way.
    I followed the directions that are listed here for how to root the device and unlock the bootloader, however, the directions do not work.
    I now have a rooted terminal using adb shell, however, when I reboot to the bootloader and run fastboot devices I get nothing, and no other fastboot command works.
    This is absolutely ridiculous. I bought the phone from the ebay site just this week using the link here on Mozilla. I've even synced and built B2G for the device. But I can't unlock my bootloader? Defeats the purpose of "open" and makes me regret my purchase.
    I would appreciate some prompt help in this matter.

    I fixed this on my own.
    And for your information that is the exact tool that I used.
    And I'm not a novice; I know what a root shell is and I wouldn't have said that I have root if I didn't.
    Maybe read the post before assuming you know more than the poster...
    Anyway...
    I just built cwm for the device and using the rooted shell dd'd the factory recovery image and dd'd the new one.
    Then I installed the ZTE Kis 3 firmware with the new recovery.
    Then I rebooted to the bootloader and did "sudo fastboot oem unlock" and the bootloader was unlocked.
    This did not work following the aforementioned guide using only the upgrade tool, otherwise I wouldn't have posted.

  • Add root user to access all server services?

    Hi,
    How do I add root user in snow leopard server to access all its services. I have a admin account from which i can access all services but looking for root user to access all server services.
    When ever I'm trying to ssh using root it gives an error.
    Please find the error output below.
    arth:~ gulab$ ssh [email protected]
    Password:
    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
    Thanks,
    Gulab Pasha

    The root account is, and should be, disabled. There is no need to log in as root.
    If you require root-level privileges for any task, use sudo once you've logged in using your admin account. If you need a root shell, then:
    sudo -s
    is your friend.
    There used to be a way to enable the root account under earlier OS versions. There may still be a way to do it in 10.6 but I've never bothered looking since it's not needed.

  • What is root password ?

    Hi there,
    I tried a few commands in the X terminal with the sudo prefix and it asked me for the root password.
    Does anyone know what it is ?
    Cheers
    Fred

    fhumbert wrote:
    Hi there,
    I tried a few commands in the X terminal with the sudo prefix and it asked me for the root password.
    Does anyone know what it is ?
    Cheers
    Fred
    Just to be pedantic.. if you're using SUdo and it prompts for a password, it is usually asking for YOUR password, not the root password..
    that's one of the differences between su and sudo..
    sudo will only let you run gainroot (sudo gainroot) which will start a root shell if:
      a) you have R&D mode activated, or
      b) you have installed the rootsh package
    otherwise it will tell you R&D mode isn't active..

  • Can't enable root access in Lion 10.7.2

    Hi all,
    I have read this Apple article on enabling root in Lion. It doesn't work for me.
    I did a fresh install of Lion 10.7.2 to a formatted drive from a USB thumbdrive. I ran Software Update until there were no more updates.
    When I open the "Directory Utility", the padlock shows open, and when I click on it, I am not prompted to authenticate, as the article suggests. In the Edit menu, Enable Root User is grayed out.
    Any ideas how I do this?
    Thanks.
    Mac Pro 2 x 2.66GHz Quad Core Xeon, 12GB RAM

    flyboym535i wrote:
    To etresoft: Don't you need to enable root access before you can sudo to root in the Terminal? That's what started me down this path in the first place – because I couldn't sudo to root in Terminal. Then I remembered I needed to enable root access.
    No, you do not. I think you probably just weren't using sudo correctly. Normally, you just do "sudo /path/to/some/executable <program arguments>". If you are a real daredevil, you can just do "sudo bash" and give yourself a root shell.
    I actually submitted an enhancement request to Apple to suggest they improve the root user process. Even when it works (and it doesn't half the time in Lion), it is horribly convoluted. I would prefer it if Lion had something like "Run as" in Windows. Apple's response to my enhancement request was "Why don't you just use sudo?". So I tried again to explain it.
    Until there are significant enhancements in this area, "sudo" is the way to go.

  • Password for Root login in Terminal:

    It seems I had set up the login password for the Administrator that shows when you start/restart the system different from the root login of the terminal. Is that possible?
    I lost my root password, and am clueless. My login to the computer using the Administrator's name is working fine. But when I enter su at terminal, it asks for the password, and the password seems different from the login password of the administrator. How to reset the root login password?
    Please help.

    By default, root login is disabled, so no password you enter is going to work.
    You can use /Applications/Utilities/NetInfo Manager to enable or disable the root account.
    Alternatively, if you really need a root shell, use sudo -s (assuming your account is in the admin group and can use sudo). This is actually the preferred method of obtaining a root shell.

  • Root password

    I may have erased my root password now I try to install but it does not work. After mounting /dev/dsk/c0d0t0s0 /mnt I do cd /mnt. Then I type the terminal and do vi. But it said that the terminal is unknown and also I can access shadow to delete the password. What do I do wrong? If someone knows the steps please let me know.
    Thanks

    Hi there,
    I do not know how you lost your root passwd but the following are the steps to recover the root passwd if you have wrongfully changed the shell for the root. I am sure you can use the same steps for your purpose.
    Question:
    Some root users like to manually change the shell of account root. The most possible mistake is to simply change the default shell "/sbin/sh" to "/sbin/ksh". Thereafter, you will fail to log on the root because of the error of "No shell".
    To fix the problem, the only way is to change root shell from /sbin/ksh to /usr/bin/ksh in /etc/passwd. Since the /etc/passwd is owned by root and you can not log on as root any more, so how to solve the problem ?
    The problem is caused because the user does not know there are no other shells but Bourne Shell in /sbin. Therefore the system can not find /sbin/ksh and you fail to log on the root because of "No shell".
    /sbin/sh is a hard copy under root (/) file system to make the system usable even before the file system /usr is mounted. It is very useful for system maintenance.
    Below is the solution for Solaris Sparc/Intel platform respectively.
    Caution: This solution can be also used to break into a system to alter security sensitive files, only authority persons can use it. Any damage caused is under your own responsibility.
    For Solaris Intel platform:
    1. Note down the root file system, e.g., /dev/dsk/c0t0d0s0
    2. Insert installation CD
    3. Reboot the system
    4. Press ESC at the Press ESCape to interrupt autoboot in 5 seconds prompt.
    5. Press the F2 key (F2_Continue) at the Solaris Device Configuration Assistant screen.
    6. Press the F2 key (F2_Continue) at the Identified Devices screen.
    7. Select the CD-ROM drive as the boot device from the Boot Solaris screen,then press the F2 key (F2_Continue).
    8. Type b -s at the Select the type of installation: prompt.
    9. Mount the root file system to /a. E.g.,
    # mount /dev/dsk/c0t0d0s0 /a
    10. Modify /etc/passwd to correct the mistake by
    vi /a/etc/passwd, then change /sbin/ksh to /usr/bin/ksh in root entity
    11. Unmount the /a directory and reboot the system.

  • Lock out 'sudo passwd root'

    Hey is there a way to block admin users from changing the root password (ie perform a sudo passwd root command in the terminal)
    I don't want to make them a standard user but rather just prohibit them from changing root.

    Not easily. It is possible to lock out that command for certain accounts by using visudo to change the sudoers file, but other methods exist to run that command, such as using sudo sh to open a root shell and then changing the password.

  • [SOLVED] Can't find root partition after upgrade

    After upgrading to Linux 3.6.6, the boot fails with something like "can't find root, UUID=..." and I get a root shell. Choosing to recovery mode in GRUB doesn't make a difference.
    I don't have any sda devices in /dev.
    /proc/partitions is empty.
    I have Macbook Pro 7,1.
    Ubuntu on other partition works.
    Any idea how to fix this?
    Last edited by dontbugme (2012-11-08 17:53:46)

    dontbugme wrote:Now I realize that I did a probably stupid thing. I removed mdadm and lvm2 thinking that I don't need them. So the mdadm kernel module is missing. Could this be the problem? I don't use RAID or LVM.
    I don't use these either ... but this does sound like a very plausible cause of this error.  Are you sure you aren't using either?
    In any case, it's easy enough to add them back and see if that solves this.  Boot into live media, chroot, add back the modules to mkinitcpio.conf and rebuild the initramfs.  If nothing else this would verify that these are not the problem.

  • Enabling the root account

    Can't quite remember how to enable root under 10.5 now that netinfo manager is gone. I know it was mentioned in a session at WWDC, however, I am on the road and don't have my note book with me.
    I'll keep playing around to see if I stumble across it, if I do I will post at my next stop (have a few on the way back - no direct flights).
    Thanks for any help.

    In the Terminal logged in as an admin user type:
    sudo passwd -u root
    BUT:
    I don't see any point in doing that!
    You can easily switch to root privileges using the "sudo" command and if you want a root-shell for convenience, you can always use either "sudo -s" or "sudo bash".
    HTH
    D

  • Solutions for access as ROOT for RAC DBA duties

    Our Networking Team and Applications Team are going through some growing pains. We are trying to resolve what permissions should be given to a RAC DBA. Our RAC DBA is responsible for Oracle Clusterware, Oracle Automatic Storage Management and Oracle RDBMS software. The OS, Server and Storage Subsystem are the responsibility of the System Administrator. We have the following Environment:
    Production and Test (RAC)
    Oracle Enterprise Linux 5 update 2
    Oracle Clusterware 11.2.0.2 -- Grid Infrastructure
    Oracle ASM 11.2.0.2
    Oracle Database 11.2.0.2 EE
    Development (Single Instance)
    Oracle Enterprise Linux 5 update 2
    Oracle ASM 11.2.0.2 -- Grid Infrastructure
    Oracle Database 11.2.0.2 EE
    As the RAC DBA, I have identified the following areas that require ROOT for RAC and Single Instance DB's; however, I understand there may be more:
    diagcollection.pl
    - diagnostic tool for Oracle Clusterware and may be requested by Oracle Support
    ocrconfig
    - to repair ocr configuration issue (add, replace and remove requires root)
    srvctl modify
    - required root to change ip address
    tar
    - TAR Grid Infrastructure Directory structure preserving files with ROOT ownership
    cluvfy
    - cluvfy fix it scripts need to run as ROOT
    - some cluvfy commands under 11gr1 would only run properly for -post cfs check as ROOT in our last installation
    ASM Libraries
    - ROOT required to install and configure ASM libraries
    fdisk -l
    - this is used to see disks attached which is relevant when ASM disks are not mounted
    /etc/sysconfig/oracleasm
    - oracleasm loading configuration file
    /usr/sbin/oracleasm
    - to make disks available to ASMLIB (scandisks etc.)
    /usr/sbin/asmtool
    - asm config tool due to bug
    asm cluster file system
    - some commands require ROOT (mounting etc.)
    - acfsutil
    /var/log/messages
    - loading errors ohas and oracleasm would be logged here
    cvuqdisk
    - needs to be loaded for new install
    root.sh
    - script needed to run at install, upgrades and patching
    oraInstRoot.sh
    - script needed to run at install
    rootupgrade.sh
    - upgrade script
    roothas.pl
    - upgrade script
    ocrcheck
    - check for ocr corruption
    - corrupt check portion requires ROOT
    - oracle local registry
    Grid Infrastructure
    - .runInstaller from Grid Infrastructure
    - includes upgrades
    asm configuration assistant (asmca)
    - configuration of asm diskgroups
    - vol mgr for asm disks
    ocrconfig
    - ocr configuration tool
    - ocr import
    - ocr export
    - oracle local registry
    ocrdump
    - used to check ocr backup file
    - oracle local registry
    opatch
    - patching grid control requires ROOT
    crsctl
    - Startup and Shutdown Oracle Clusterware, Oracle ASM and Database/Instance
    - restore voting disk
    - restore ocr
    - set log for dynamic debugging
    - check install periodically
    srvctl
    - modify nodeapps (ex. ip address change)
    - add filesystem (acfs)
    What solutions have people found so that RAC DBA can perform responsibilities yet not have ROOT password?

    In all the environments I've worked in, I either had direct su access with knowledge of the root password or used sudo. I really can't imagine an environment that would require something other than either of those two options.
    In places with stricter auditing requirements we used sudo in conjunction with the sudosh shell wrapper to log all activities to syslog, but this was used by everyone and not just the DBA
    Is SUDO the only solution? Every command needs to be entered into SUDO config files that necessitates ROOT access.
    As I demonstrated in the other thread, giving the oracle user sudo access to files that are writable by the oracle user (eg. root.sh) gives them the ability to access to a root shell. It is good to implement a "minimum privileges necessary" policy in your organization but it has to be within reason. The minimum privilege necessary for running and maintaining CRS is root.
    Edited by: AllYourDataBase on Apr 18, 2011 1:44 PM

  • Enabling root

    Can't enable root password after following these instructions.
    When I do su and put the password I set I get
    password:
    su: Sorry
    Any idea what am I doing wrong?
    From the Finder's Go menu, choose Utilities.
    Open Directory Utility.
    Click the lock in the Directory Utility window.
    Enter an administrator account name and password, then click OK.
    Choose Enable Root User from the Edit menu.
    Enter the root password you wish to use in both the Password and Verify fields, then click OK.

    if your account is listed as admin in system preferences->accounts then you ARE authorized to use sudo. the instructions to enable the root user using Directory Utility you quoted were the correct ones but I can't understand what you were doing with su. su is not used to enable the root password.
    In particular, simply entering
    su
    will do nothing. consult
    man su
    for usage of su.
    if the root user is already enabled then you can switch to root shell using
    su root
    but root user has to be enabled for this first. but you don't have to enable root to execute commands as root. you can just use sudo with your admin password.
