system() with 2 commands

Discussion in 'Perl Misc' started by sitnam81, Apr 21, 2005.

  1. sitnam81

    sitnam81 Guest

    Base question
    --------
    Is there a way to perform 2 commands via system()? I would like to
    execute a "sudo - root" and then "useradd" (or perhaps a script that
    does the "useradd")?

    Details
    -------
    I am relatively new to perl, and I am writing a cgi-script that will be
    a front end for adding a user -- it takes input from a form (username,
    UID, group, password) and performs in a loop across other servers:

    system("ssh", "-l", $user, "-q", $SERVER{$loop}, $addcommand, "| 2>&1
    >/dev/null");


    I was able to get this working, but the $addcommand is a simple "cat of
    a file into a temp file" to confirm it works. I need to perform a
    "useradd" with all the options as the root user. The script is run as
    a different user, so I will need to su to root (add su - root in
    sudoers), and then perform the "useradd" command passing all the
    arguements.
    sitnam81, Apr 21, 2005
    #1
    1. Advertising

  2. sitnam81

    Axel Guest

    sitnam81 <> wrote:
    > Base question
    > --------
    > Is there a way to perform 2 commands via system()? I would like to
    > execute a "sudo - root" and then "useradd" (or perhaps a script that
    > does the "useradd")?


    I think you may be confusing 'su' and 'sudo'. With the latter, the
    command to be executed is provided at the same time:

    sudo -u root useradd

    Where you will run into problems is when the stage when you asked for
    the root password.

    You should look at the Expect.pm module.

    Axel
    Axel, Apr 21, 2005
    #2
    1. Advertising

  3. sitnam81

    sitnam81 Guest

    Does that command work -- "sudo -u root"?
    The man for root says -u is for any user OTHER than root:
    -u The -u (user) option causes sudo to run the specified
    command as a user other than root. To specify a uid
    instead of a username, use "#uid".
    Thanks for the recommendation about expect, this looks like it will
    help with the passwd stuff.
    sitnam81, Apr 22, 2005
    #3
  4. sitnam81

    sitnam81 Guest

    Also the script is giving me errors when i use the ";" between
    commands:

    $command = "sudo /usr/bin/su - root";
    $command2 = "mv $file1 $file2";
    $sshserver = servername;
    $user = username;
    system("ssh", "-l", $user, "-q", $sshserver, $command;$command2);

    # ./rsh-test.cgi
    syntax error at ./rsh-test.cgi line 24, near "$command;"
    syntax error at ./rsh-test.cgi line 24, near "$command2)"
    Execution of ./rsh-test.cgi aborted due to compilation errors.

    Do you know why this is erroring?

    Thanks!
    sitnam81, Apr 22, 2005
    #4
  5. sitnam81

    J. Gleixner Guest

    sitnam81 wrote:
    > Also the script is giving me errors when i use the ";" between
    > commands:
    >
    > $command = "sudo /usr/bin/su - root";
    > $command2 = "mv $file1 $file2";
    > $sshserver = servername;
    > $user = username;
    > system("ssh", "-l", $user, "-q", $sshserver, $command;$command2);
    >
    > # ./rsh-test.cgi
    > syntax error at ./rsh-test.cgi line 24, near "$command;"
    > syntax error at ./rsh-test.cgi line 24, near "$command2)"
    > Execution of ./rsh-test.cgi aborted due to compilation errors.
    >
    > Do you know why this is erroring?


    Post real code!

    Ahhh.. it's a syntax error on line 24... Look on line 24. :)

    system('ssh', '-l', $user, '-q', $sshserver, "$command;$command2");

    A simpler & slightly less secure approach would be to set up root's ssh
    keys (authorized_keys) to let you connect to $sshserver as root. That
    way you don't have to run the sudo. If you're going to stick to using
    sudo, simply run "sudo mv $file1 $file2", the "su -" will put you into
    ~root.

    Based on the above code, I'd strongly suggest that you read up on sudo
    and su before doing or allowing things to be done as root. If I saw
    someone trying to do the above on a machine of mine, I'd quickly remove
    them from sudoers.
    J. Gleixner, Apr 22, 2005
    #5
  6. sitnam81 <> wrote:

    > $sshserver = servername;



    You should always enable warnings when developing Perl code!

    You should put quotes around strings.


    > system("ssh", "-l", $user, "-q", $sshserver, $command;$command2);
    >
    > # ./rsh-test.cgi
    > syntax error at ./rsh-test.cgi line 24, near "$command;"
    > syntax error at ./rsh-test.cgi line 24, near "$command2)"
    > Execution of ./rsh-test.cgi aborted due to compilation errors.
    >
    > Do you know why this is erroring?



    Yes, it is because you are not putting quotes around your strings.


    --
    Tad McClellan SGML consulting
    Perl programming
    Fort Worth, Texas
    Tad McClellan, Apr 22, 2005
    #6
  7. In article <>, sitnam81
    wrote:
    > Does that command work -- "sudo -u root"?
    > The man for root says -u is for any user OTHER than root:
    > -u The -u (user) option causes sudo to run the specified
    > command as a user other than root. To specify a uid
    > instead of a username, use "#uid".
    > Thanks for the recommendation about expect, this looks like it will
    > help with the passwd stuff.


    It should work just fine. Typically, '-u root' is redundant because the default
    user to run as *is* root...

    Kevin


    --
    Unix Guy Consulting, LLC
    Unix and Linux Automation, Shell, Perl and CGI scripting
    http://www.unix-guy.com
    Kevin Collins, Apr 22, 2005
    #7
  8. sitnam81

    Axel Guest

    sitnam81 <> wrote:
    > Does that command work -- "sudo -u root"?
    > The man for root says -u is for any user OTHER than root:
    > -u The -u (user) option causes sudo to run the specified
    > command as a user other than root. To specify a uid
    > instead of a username, use "#uid".


    It works (at least on MAC OS X) - but you are right, 'sudo' on its
    own is sufficient.

    Axel
    Axel, Apr 22, 2005
    #8
  9. sitnam81

    sitnam81 Guest

    I would love to do this as a non-root user, but I have been
    unsuccessful in the future in allow another user to execute a command
    (in this case useradd) with variable parameters. Also, I do have ssh
    keys setup, but for a non root user -- therefore, I when I ssh into a
    server I am not root, but I need to perform a useradd...

    Is there a way I could do the following in sudoers (passing the
    username/UID/group):

    Cmnd_Alias USERADD=useradd -d /export/home/$1 -u $2 -g $3 -s /bin/bash
    -m $1

    Since I have been unsuccessfule setting up stuff in sudoers with
    variable parameters, I figured that I was forced to ssh as a non-root
    user, swith to root, and then perform the useradd with the parameters
    input from the front-end form.
    sitnam81, Apr 22, 2005
    #9
  10. sitnam81

    Joe Smith Guest

    sitnam81 wrote:
    > I do have ssh
    > keys setup, but for a non root user -- therefore, I when I ssh into a
    > server I am not root


    Well, what's stopping you from setting up keys for root access?

    root# cat ~user/.ssh/id_root.pub >> ~root/.ssh/authorized_keys
    user% ssh -i ~/.ssh/id_root root@localhost
    Joe Smith, Apr 23, 2005
    #10
  11. sitnam81

    Axel Guest

    Joe Smith <> wrote:
    > sitnam81 wrote:
    >> I do have ssh
    >> keys setup, but for a non root user -- therefore, I when I ssh into a
    >> server I am not root


    > Well, what's stopping you from setting up keys for root access?
    >
    > root# cat ~user/.ssh/id_root.pub >> ~root/.ssh/authorized_keys
    > user% ssh -i ~/.ssh/id_root root@localhost


    Because it is a security hole.

    At least being able to ssh in as a non-root user and then execute a sudo
    command means that full root access is not required. The sudo can be
    limited to allow specific commands.

    Axel
    Axel, Apr 24, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. caleb
    Replies:
    0
    Views:
    2,867
    caleb
    Jan 3, 2006
  2. Ben Pfaff

    Re: man pages for C commands (GCC commands)

    Ben Pfaff, Jun 24, 2003, in forum: C Programming
    Replies:
    4
    Views:
    3,946
    Thomas Stegen
    Jun 28, 2003
  3. jon c
    Replies:
    0
    Views:
    407
    jon c
    Feb 11, 2004
  4. Tim Stanka
    Replies:
    1
    Views:
    784
    Jeff Epler
    Aug 2, 2004
  5. twsnnva
    Replies:
    6
    Views:
    925
    Cliff Wells
    Sep 11, 2004
Loading...

Share This Page