system() with 2 commands

[sitnam81]

Base question
--------
Is there a way to perform 2 commands via system()? I would like to
execute a "sudo - root" and then "useradd" (or perhaps a script that
does the "useradd")?

Details
-------
I am relatively new to perl, and I am writing a cgi-script that will be
a front end for adding a user -- it takes input from a form (username,
UID, group, password) and performs in a loop across other servers:

system("ssh", "-l", $user, "-q", $SERVER{$loop}, $addcommand, "| 2>&1

/dev/null");

I was able to get this working, but the $addcommand is a simple "cat of
a file into a temp file" to confirm it works. I need to perform a
"useradd" with all the options as the root user. The script is run as
a different user, so I will need to su to root (add su - root in
sudoers), and then perform the "useradd" command passing all the
arguements.

 

[Axel]

Base question

I think you may be confusing 'su' and 'sudo'. With the latter, the
command to be executed is provided at the same time:

sudo -u root useradd

Where you will run into problems is when the stage when you asked for
the root password.

You should look at the Expect.pm module.

Axel

 

[sitnam81]

Does that command work -- "sudo -u root"?
The man for root says -u is for any user OTHER than root:
-u The -u (user) option causes sudo to run the specified
command as a user other than root. To specify a uid
instead of a username, use "#uid".
Thanks for the recommendation about expect, this looks like it will
help with the passwd stuff.

 

[sitnam81]

Also the script is giving me errors when i use the ";" between
commands:

$command = "sudo /usr/bin/su - root";
$command2 = "mv $file1 $file2";
$sshserver = servername;
$user = username;
system("ssh", "-l", $user, "-q", $sshserver, $command;$command2);

# ./rsh-test.cgi
syntax error at ./rsh-test.cgi line 24, near "$command;"
syntax error at ./rsh-test.cgi line 24, near "$command2)"
Execution of ./rsh-test.cgi aborted due to compilation errors.

Do you know why this is erroring?

Thanks!

 

[J. Gleixner]

Also the script is giving me errors when i use the ";" between
commands:

$command = "sudo /usr/bin/su - root";
$command2 = "mv $file1 $file2";
$sshserver = servername;
$user = username;
system("ssh", "-l", $user, "-q", $sshserver, $command;$command2);

# ./rsh-test.cgi
syntax error at ./rsh-test.cgi line 24, near "$command;"
syntax error at ./rsh-test.cgi line 24, near "$command2)"
Execution of ./rsh-test.cgi aborted due to compilation errors.

Do you know why this is erroring?

Post real code!

Ahhh.. it's a syntax error on line 24... Look on line 24.

system('ssh', '-l', $user, '-q', $sshserver, "$command;$command2");

A simpler & slightly less secure approach would be to set up root's ssh
keys (authorized_keys) to let you connect to $sshserver as root. That
way you don't have to run the sudo. If you're going to stick to using
sudo, simply run "sudo mv $file1 $file2", the "su -" will put you into
~root.

Based on the above code, I'd strongly suggest that you read up on sudo
and su before doing or allowing things to be done as root. If I saw
someone trying to do the above on a machine of mine, I'd quickly remove
them from sudoers.

 

[Tad McClellan]

$sshserver = servername;

You should always enable warnings when developing Perl code!

You should put quotes around strings.

system("ssh", "-l", $user, "-q", $sshserver, $command;$command2);

# ./rsh-test.cgi
syntax error at ./rsh-test.cgi line 24, near "$command;"
syntax error at ./rsh-test.cgi line 24, near "$command2)"
Execution of ./rsh-test.cgi aborted due to compilation errors.

Do you know why this is erroring?

Yes, it is because you are not putting quotes around your strings.

 

[Kevin Collins]

Does that command work -- "sudo -u root"?
The man for root says -u is for any user OTHER than root:
-u The -u (user) option causes sudo to run the specified
command as a user other than root. To specify a uid
instead of a username, use "#uid".
Thanks for the recommendation about expect, this looks like it will
help with the passwd stuff.

It should work just fine. Typically, '-u root' is redundant because the default
user to run as *is* root...

Kevin

 

[Axel]

Does that command work -- "sudo -u root"?
The man for root says -u is for any user OTHER than root:
-u The -u (user) option causes sudo to run the specified
command as a user other than root. To specify a uid
instead of a username, use "#uid".

It works (at least on MAC OS X) - but you are right, 'sudo' on its
own is sufficient.

Axel

 

[sitnam81]

I would love to do this as a non-root user, but I have been
unsuccessful in the future in allow another user to execute a command
(in this case useradd) with variable parameters. Also, I do have ssh
keys setup, but for a non root user -- therefore, I when I ssh into a
server I am not root, but I need to perform a useradd...

Is there a way I could do the following in sudoers (passing the
username/UID/group):

Cmnd_Alias USERADD=useradd -d /export/home/$1 -u $2 -g $3 -s /bin/bash
-m $1

Since I have been unsuccessfule setting up stuff in sudoers with
variable parameters, I figured that I was forced to ssh as a non-root
user, swith to root, and then perform the useradd with the parameters
input from the front-end form.

 

[Joe Smith]

I do have ssh
keys setup, but for a non root user -- therefore, I when I ssh into a
server I am not root

Well, what's stopping you from setting up keys for root access?

root# cat ~user/.ssh/id_root.pub >> ~root/.ssh/authorized_keys
user% ssh -i ~/.ssh/id_root root@localhost

 

[Axel]

Well, what's stopping you from setting up keys for root access?

root# cat ~user/.ssh/id_root.pub >> ~root/.ssh/authorized_keys
user% ssh -i ~/.ssh/id_root root@localhost

Because it is a security hole.

At least being able to ssh in as a non-root user and then execute a sudo
command means that full root access is not required. The sudo can be
limited to allow specific commands.

Axel