Shell Script Authentication
How do you make like a dialogue box appear when I am using sudo scripts?
It might be helpful if you could provide a bit more detail about the goal. Your original question asked about an actual password dialogue, but if there is someone there to enter an "admin" password, why can't they use the "Accounts" pref pane? For example, I could see this being the case if the current account was "managed" with access to secure pref panes restricted, but a few posts later, your example of 'sudo passwd admin' implies that it is an "admin" account's password that is to be changed. But why would an "admin" want to change their password from a "managed" account... Without knowing what exactly the goal is, it is difficult to provide meaningful suggestions.
But speaking more generally, changing 'do shell script "sudo ..."' to 'tell application "Terminal" to do script "sudo ..."' should cause a "Terminal" window to open, with a password prompt in a command line interface.
Alternatively, rather than using 'sudo' in "do shell script" statements, it is possible to use "with administrator privileges" to avoid the need for the interactive password (and don't combine 'sudo' with "with administrative privileges" because it is apparently insecure).
http://developer.apple.com/technotes/tn2002/tn2065.html
To incorporate a password dialog into a "do shell script ... with administrative privileges" statement, you could use Tiger's new "hidden answer" option in the standard "display dialog" statement. While this does obscure the password, I don't think it is particularly secure either.
Finally, 'passwd' also requires an interactive password, whereas 'dscl' doesn't with some options, (nor does 'pwpolicy' but that won't work unless password policy options are enabled), so 'dscl' might be more suitable in a script. However, options where the password is provided in the command are also less secure since theoretically the password could be viewed in plain text by someone running 'ps' at the right time...
Similar Messages
-
How Can i get PLSQL Procedure out values in Shell Script?
Hi,
I need to use PLSQL Procedure out values in shell script by using that parameter i need to check and call the other procedure. Please can you guide me how can i?
#!/bin/ksh
# Function to call validation program
SQL_PKG_CALL()
echo "Inside SQL_PKG_CALL for $file"
sqlplus -s /nolog << EOF
whenever sqlerror exit failure
connect ${APPS_LOGIN}
variable exit_value NUMBER
set serveroutput on size 100000
DECLARE
l_errbuf VARCHAR2(10000) := NULL; l_retcode NUMBER := NULL;lv_test VARCHAR2(4000) := NULL;
BEGIN
fnd_global.apps_initialize ( USER_ID => ${USER_ID}, RESP_ID => ${RESP_ID}, RESP_APPL_ID => ${RESP_APPL_ID}
, SECURITY_GROUP_ID => ${SECURITY_GROUP_ID}
#Calling PLSQL procedure for create and attache document
XXAFPEEP_SO_DOC_ATTACH_INT.DOCUMENT_ATTACH (p_errbuf => l_errbuf, p_retcode => :RETMSG, p_fileName => $file
, p_debug => 'Y', p_rettest => lv_test);
# to print the procedure return values
DBMS_OUT.PUT_LINE('Return Message: '|| lv_test);
#${RETCODE}=l_retcode;
print :RETMSG;
END;
EXIT 0
EOF
# Program starts here
echo "+---------------------------------------------------------------------------+"
echo "Program Start"
APPS_LOGIN=${1} # Apps Login
USER_ID=${2} # User ID
RESP_ID=${5} # Responsiblity ID
RESP_APPL_ID=${6} # Responsiblity Application ID
SECURITY_GROUP_ID=${7} # Security Group ID
DIRECTORY_PATH=${8} # Directory --Attached file locations
DIRECTORY_NAME=${9} # Directory Name for plsql
echo "User ID : $USER_ID"
echo "Responsibility ID : $RESP_ID"
echo "Responsibilith Application ID : $RESP_APPL_ID"
echo "Security Goup ID : $SECURITY_GROUP_ID"
echo "Directory Path : $DIRECTORY_PATH"
echo "Direcotry Name : $DIRECTORY_NAME"
echo
#files direcotry
cd $DIRECTORY_PATH
echo Present Working Directory: `pwd`
echo
#for all file names
ALL_FILES=`ls *.pdf`
for file in $ALL_FILES
do
if [ -f $file ]
then
#log "Processing $file" # future
echo Processing: $file
# Calling the PL/SQL Program
SQL_PKG_CALL;
#echo "Retcode : $RETCODE"
echo "RetMessage : $RETMSG"
else
log "Skipped $file: invalid file"
echo "Skipping current file $file: not a valid file."
fi
done
Thanks
SudheerSaubhik's provided the solution, but just for fun:
Test procedure:
create or replace procedure get_ename
( p_empno in emp.empno%type
, p_ename_out out emp.ename%type )
is
begin
select ename into p_ename_out
from emp
where empno = p_empno;
end get_ename;Test data:
SQL> select empno, ename from emp order by 1;
EMPNO ENAME
7369 SMITH
7499 ALLEN
7521 WARD
7566 JONES
7654 MARTIN
7698 BLAKE
7782 CLARK
7788 SCOTT
7839 KING
7844 TURNER
7876 ADAMS
7900 JAMES
7902 FORD
7934 MILLER
14 rows selectedTest call from SQL*Plus to show it working:
SQL> declare
2 v_ename emp.ename%type;
3 begin
4 get_ename(7844,v_ename);
5 dbms_output.put_line(v_ename);
6 end;
7 /
TURNER
PL/SQL procedure successfully completed.Demo shellscript (borrowing the function idea from Saubhik):
#!/bin/ksh
empno=${1:-NULL}
exec_sql() {
sqlplus -s william/w@//vm.starbase.local:1521/eleven <<END_SQL
spool get_out_value.sh.log
set serverout on size 2000 feedback off
declare
v_name emp.ename%type;
begin
get_ename(${empno},v_name);
dbms_output.put_line('# ' || v_name);
end;
spool off
exit
END_SQL
ename=$(exec_sql ${empno} | awk '/^# / {print $2}')
print Employee ${empno} = ${ename}Demo:
/Users/williamr: get_out_value.sh 7844
Employee 7844 = TURNER
/Users/williamr: get_out_value.sh
Employee NULL =Note this substitutes the word NULL if no empno is passed, and it ignores error output or anything else by only looking for lines beginning '# ' and then taking the following word. Error messages will appear in the logfile. (In this example it probably doesn't need the NULL substitution because a missing parameter would cause a syntax error which the script will handle anyway, but it could be useful in more complex examples.)
For a production script you should probably use an OS authenticated account so you don't have to deal with password strings. -
Encrypting password in shell script on Solaris 10.
Hi,
I have a shell script & in that the username & password is specified. I can see the password. Is there any way to encrpyt password in Unix scripts on solaris 10 box.
Please suggest.
Thanks & Regards,
TejasHere are some examples of avoiding passwords in scripts.
First, if it's a script that needs to use remote login, you could set up ssh keys in the authorized_keys file of the remote system to allow auto-authentication.
As a more general example, you could create a shell function that prompts for the password and stores it in an environment variable to be used by the script or utility that you want to use. Here is an example that we use in our Red Hat systems to allow yum to tunnel through our http proxy:
function yumproxy(){
echo -n "Enter Proxy Username: "
read -e username
echo -n "Enter Proxy Password: "
read -es password
echo
export http_proxy="http://$username:$password@ourproxyserver:8080/"
}This is in .bashrc so that we can run it once just before running any yum commands (not that this means anything in a Solaris forum!) -
Accessing Shell script form Safari
Hello All,
I have a shell script that i use for rdp. At the moment when i run "connect.sh rdp://myserver" from command line, it works perfectly calling rdesktop and querying the authentication servers.
However i have been trying to use the automator (Utilities > Run Shell Script) to allow me click on rdp links on webpages but i cant seem to get it to work.
Please can anyone help with this?
ThanksI'm not sure if I understand your reply about my response. But perhaps you'll find the "sudo" command helpful, which unlike the "su" command, will prompt the users for their own password, or no password according to /etc/sudoers. You use the "visudo" command to edit the file. The sudo command is normally used to run system administration tasks, without giving the user the root password but it can also be used to give access only to certain commands. The -u option causes sudo to run the specified command as a user other than root. I have not used "sudoers" for anything else but root, but there are plenty of examples and tutorials on the web that might help you.
-
Quick question with a quick answer, how can I make my shell script enter the login password to my remote server?
Ex.
#!/bin/sh
ssh (user)@(ip here)
(enter password)
...and so on...In addition to using keys. it would be advisable to limit what commands can be run using
the key.
see: sshd(8): under the "AUTHORIZED_KEYS FILE FORMAT" section.
command="command"
Specifies that the command is executed whenever this
key is used for authentication. The command supplied
by the user (if any) is ignored. The command is run on
a pty if the client requests a pty; otherwise it is run
without a tty. If an 8-bit clean channel is required,
one must not request a pty or should specify no-pty. A
quote may be included in the command by quoting it with
a backslash. This option might be useful to restrict
certain public keys to perform just a specific
operation. An example might be a key that permits
remote backups but nothing else. Note that the client
may specify TCP/IP and/or X11 forwarding unless they
are explicitly prohibited. Note that this option
applies to shell, command or subsystem execution. -
Calling linux / unix shell scripts from APEX
Hi -- I'm doing some prototyping, and would like to try calling a unix shell script on the server from within APEX.
Is this possible? Maybe thru Javascript? Other ways? Not sure if it's possible thru pl/sql.
FYI, I'm attempting to check username/password specified at login to see if it's a valid login
to another database (also specified at login). If there's an easier way to do this, I'd love to hear it!
We're highly motivated to have a single apex app work on multiple databases -- largely because of a lack of
administration resources on the other databases. All databases are accessible via database links from
the apex server (the links are necessary to implement other business rules), and I know I can get
the DML working. Powers that be prefer that Database Account authentication (or a facsimile thereof)
be used. I suspect I'm opening myself up to lots of criticism by disclosing this ... :)
Thanks for any ideas,
CarolR -- If I understand you correctly, a pl/sql process in APEX could invoke a java program on the server. Is that correct?
If so, is there any reason it couldn't just call a unix shell script? Seems they're both just executables recognized by the OS....
I know I called unix scripts from embedded sql a billion years ago, but don't recall the method for doing that. What is
the syntax I'd use in apex / pl/sql?
thanks,
Carol -
How to Prompt for User/Pass Running Shell Script Remotely through ARD
So I finally got my Active Directory Script working! However, I realized that I'm not the only one going to be running this script and to have my user name and password in the script itself is beyond foolish. While I know it's possible just to have whoever's running the script to manually add their username and password, I'd prefer to have prompts to make things easier for the rest of my team.
Here's my current script. I've tested it on the machine I'm connecting to Active Directory and it works fine if you run it on the machine itself in terminal. However, I'm going to be doing this on about 150 machines and the whole point of the script is to do it remotely.
#! /bin/bash
MACNAME=$(scutil --get ComputerName)
read -p "User Name: " USER
read -p "Password for $USER: " PASS
dsconfigad -add "CORP.DOMAIN.NET" \
-username $USER \
-password $PASS \
-computer $MACNAME \
-mobile disable \
-mobileconfirm disable \
-localhome enable \
-useuncpath enable \
-shell /bin/bash \
-ou OU=Macs,CN=Computers,DC=corp,DC=DOMAIN,DC=net \
-force \
-localpassword "PASSWORD" \
-groups "GROUPS"
When I run the UNIX script through ARD to a machine, I get no prompts for USER or PASS. In fact, it gives me the following error "dsconfigad: Authentication server encountered an error while attempting the requested operation. (5202)" So it's not asking for a user name and password.
Is there any way to make a shell script prompt you for a User Name and Password when you're sending commands remotely through ARD? Or is there another way to do this?
Any suggestions would be greatly appreciated.
-rksBest solution is to create an account that is exclusive to binding machines. By doing this, you can embed the user name and password in the script. Heck, you can post it on your website. If the account is configured properly, it will only be able to create machine records in a defined container. If you are mixing Macs and PCs in your AD domain, I also recommend creating an isolated container for your Mac records. Now, the account has even less access rights as you can make it so it only has rights to the Mac container.
Otherwise, ARD does not prompt. You can play around with an expect script but the reality is that you are still embedding the credentials in the script so it really does not achieve what you want. ARD is not an interactive shell scripting tool. It is more a fire and forget.
Reid
Apple Consultants Network
Apple Professional Services
Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store -
How execute a remote shell script
Hi,
i'm in the instance A and i need to execute a shell script in the instance B.
It's possible?
my db is in 10.2.0.4
tnxdavyp74 wrote:
i'm in the instance A and i need to execute a shell script in the instance B.
It's possible?
my db is in 10.2.0.4Yes. Fairly easy - but there are functionality and security issues that must be considered.
Executing remote shell scripts are the easiest done using ssh and RSA key authentication. On server A, in the oracle user, you need to generate a RSA key for the account using "+ssh-keygen -t rsa+".
A private and public key will be generated in the +/home/oracle/.ssh+ directory. The contents of the public key needs to be copy and pasted into the oracle account on server B, into file +/home/oracle/.ssh/authorized_keys+.
Next you need to accept the signature of server B on server A (thiswill be stored in A in +/home/oracle/.ssh/known_hosts+ ). Simply ssh from A to B using command "+ssh oracle@B+" and accept the signature. The ssh attempt should work and not prompt for a password as RSA authentication is used (server B trust server A and accepts its private key as authentication).
Now you can execute the remote script (fully automated in the background) as follows: ssh oracle@B /software/scripts/foo.sh".
The next step is running this command from within the Oracle instance on A - this can be done using a custom Java stored proc (for accessing the command line) or via +DBMS_SCHEDULER+ as an external program. -
Hardcode password in a do shell script not working
I have been trying to solve something i have wanted to do for a long time, that is get a script that changes the ammount of time before the display goes to sleep. I tried GUi scripting but in system preferences the changes made to the slider did not stay. So i have now come onto a do shell script. Found below. I would prefer to just hardcode my password into it however this does not seem to work. Any ideas ?
set exitflag to false
try
repeat until exitflag is true
set {text returned:Sleeptime, button returned:sleepstate} to (display dialog "Minutes before display sleep" & return & "Between 1 and 180 mintues" & return & "Greater than 180 means never sleep" default answer "1" buttons {"Cancel", "OK"} default button 2)
set Sleeptime to Sleeptime as number
if Sleeptime is less than 1 then
set exitflag to false
else if Sleeptime is greater than 180 then
set Sleeptime to 0
set exitflag to true
else
set exitflag to true
end if
end repeat
end try
set Sleeptime1 to Sleeptime as string
set Sleeptime1 to quoted form of Sleeptime1
set psswd to quoted form of "XXXXX"
do shell script "sudo pmset -a displaysleep " & Sleeptime1 password psswd
set pete to do shell script "sudo pmset -g"
set xx to text -2 thru -1 of pete
if xx - Sleeptime = 0 then
tell application "SEC Helper"
show screen message "Worked:" & return & xx & " mintues"
end tell
else
tell application "SEC Helper"
show screen message "Failed!"
end tell
end if1) don't use 'sudo' in a 'do shell script'. It isn't necessary and will sometimes break.
2) do not use 'sudo' in a 'do shell script'
3) do not use... I'm sure you get the idea.
It is not necessary to use 'sudo' in a 'do shell script' command. 'do shell script' itself takes care of the authentication element when you use 'with administrator privileges'. Therefore the appropriate way of doing this is:
<pre class=command>do shell script "pmset -g displaysleep " & sleeptime1 with administrator privileges password psswd</pre>
If you omit the 'password psswd' element the user will be prompted to authenticate using the standard system authentication dialog.
The problem you're running into is that the 'password' parameter is only valid when you use 'with adminitrator privileges', and is therefore getting ignored in your current script. -
Hi
We have many shell scripts running on Solaris 9/10 OS. We need to encrypt them so nobody would be able to read them. I tried "Shell guard fstsg", able to create binary executable but execution of binary file fails sometimes. So, thought SHC (shell script compiler) would do for me but getting errors while compiling and install the SHC source code on solaris.
If anyone succeeded installing shc on solaris, please provide me with procedure.
It would be great if i could get SHC binaries for Solaris or any other solution.
Please advise.
Thanks
PrvnLet me guess - you have passwords embedded in your scripts?
Creating an executable from a shell using some 3rd party tool probably won't give you any protection at all, since the password will still be in "plain text" in the data segment of the executable.
And you obviously cannot execute encrypted code.
Your best bet is to reexamine your authentication policies and use something more secure than a scripted password, like SSH public key authentication. -
Hello All,
When i try to rlogin using a shell script I am getting the error : Connection closed by foreign host.
I have wriiten the shell script as :
user=xyz
passwd=xyz
host=192.168.168.55
sleep 2
echo "$passwd"; sleep 2
) | rlogin -l "$user" "$host"
But, when i try to login from the command prompt , it is displaying the result correctly. I have run the scripts from my HOME directory /export/home/vivek.
I want to know how to come up with the problem.
Thanks and Regards,
VIvekDo you have a actual requirement to use rlogin as your shell based login capability ? If not, you should really use ssh instead and setup priv/pub key authentication between your two boxes.
Otherwise you might want to look into using a .rhosts file in your home directory on the remote system.
It might also work if you use a HERE document. I haven't used rlogin in a LONG time so I'm not sure if it will work or not. -
Trying to create a shell script to cut/paste files in finder. Help needed.
I'm trying to create an automator shell script to cut/paste. It'll function exactly like copy/paste. i.e. I'll just copy file/files with command+c like always, but then I'll create an automator which uses the "mv" terminal app to move the files which works exactly like cut paste.
I need some help since I don't know the syntax for creating shell scripts.
What I did so far is to do it in automator with Apple Script which goes like the following:
on run {input, parameters}
tell application "Finder"
set theWindow to window 1
set thePath to quoted form of (POSIX path of (target of theWindow as string))
end tell
tell application "Terminal"
do script with command "mv \"" & input & "\"" & thePath in window 1
end tell
return input
end run
This gets the copied file path from clipboard before, as input, and then recognizes the active finder window as thePath so then executes the mv command for the input file to the thePath window.
It doesn't work as expected since it connects both file/window paths into a single path instead of leaving a space between them so the mv command can't recognize two separate paths.
What's the correct syntax for that line
do script with command "mv \"" & input & "\"" & thePath in window 1
to leave a space between input and thePath under the mv command?
Also this requires the terminal app to be open in the background.
After I get this to work I want to do the exact same thing using shell script within automator, so I won't need Terminal to be open all the time.
And the next step will be to cut/paste multiple files/folders but that should be easy to do once I get the hang of it.Try using:
on run {input, parameters}
tell application "Finder"
set theWindow to window 1
set thePath to quoted form of (POSIX path of (target of theWindow as string))
end tell
do shell script "mv \"" & input & "\" " & thePath
return input
end run
(45977) -
How to call shell script from a pl/sql procedure
Hi all,
I am little bit new to plsql programming, i have a small problem as follows
I have to call a shell script from a pl/sql procedure ..
Please suggest me some methods in oracle 10g, which i could make use of to achieve my goal. also please tell me what are the constraints for those methods if any.
I already came across dbms_scheduler, but i have got a problem and its nor executing properly its exiting giving 255 error or saying that permission problem, but i have already given full access to my shell scripts.
Thanks in advance
Best Regards
SatyaHi,
Read this thread, perhaps is there your response :
Host...
Nicolas. -
I have a program that I run via Terminal, but I don't want a terminal window open while I run it (Just personal preference). I have an applescript set up to run the Terminal command, but the thing is that the command is "on" while the program is running, Is there some way that I can have the command go and then end the script wihtout closing the program? Or am I out of luck and have to have the Terminal window open?
The program I am using is located here http://sites.google.com/site/sc2gears/
Thanks for the help!The program is distributed (according to the docs) as a .command file, so you can get the efect you want like so:
do shell script "/Users/yourname/further/path/Sc2gears-os-x.command &> /dev/null &"
the &> /dev/null tells applescript that you don't care about any output, so it moves on to the next command, and the closing & sets the process up as a standalone. Note:
If the process doesn't close itself automatically you'll need a separate way of doing that
if the process produces output you want to keep, don't use /dev/null - use an appropriate file path
(obviously) '/Users/yourname/further/path' needs to be replaced with the correct path to the command, and needs to be single-quoted/escaped if it contains spaces or other unix-confounding characters -
How to retrive ip address of connected device in shell script or applescript
Hi all,
From Mac PC, how to get ip address of connected device in shell script or applescript.
there is any way to launch an app on ipad in shell script or applescript.
thank you in advance for your help
MickaelHi all,
From Mac PC, how to get ip address of connected device in shell script or applescript.
there is any way to launch an app on ipad in shell script or applescript.
thank you in advance for your help
Mickael
Maybe you are looking for
-
Is it possible to cusomize the layout of the manual ordering dialog?
Hello all, I have a question about the layout for manual ordering. The user should be able to order folders under a specific path manually. So I create a new layout set and add the UI Command "order_type_settings". So far, everything works fine. My q
-
Is there a way to either run a "Score" thing in Keynote, or a text box that can be typed in during the presentation?
-
MESSENGER ON FACEBOOK TELLS ME SAFARI does not work for video calls or messages any more and to swap to a Windows or Google Chrome to use. Is this true?
-
Can you link a app to a command?
Hello guys, I was wondering today, "Can you link a app to a command?" like if i do Command+B i open my twitter app, is this possible and if so how?? Dutchkid00
-
Hello I'm looking the way to change the color of a template based button, in example "Button, Alternative 3", or create a new template as I like. I know the template is based in the concatenation of three images, but I don't found these images in the