tags:

views:

1905

answers:

7
+4  Q: 

Running UNIX commands as different user, from Java

Trying to write a Java program capable of running a UNIX command as a different UNIX user. I have the user's password, and I know the command I want to run, but the command has to be run as that user - so I have to login as that user first.

For example: say we have a user, jim, who wants to see what's in bob's home directory, and (for whatever reason) jim has access to execute ls whereas bob does not. We are currently logged in as bob. Here is what we (could) do:

bob@host$ su jim && ls ~bob

Problem is, we get prompted for jim's password. Since this is run from a Java program, i.e.

Process p = Runtime.getRuntime().exec("su jim && ls ~bob");

we get prompted for jim's password and hung up. We know jim's password. However, I can't enter it.

Additionally, we can't use an Expect script (don't have it installed) and we can't become the superuser. I also looked into using SSH to try this, since we could technically do

bob@host$ ssh jim@host "ls ~bob"

but this also doesn't work since I don't have permission to setup passwordless SSH.

My last-ditch effort is to try and use an SSH library for Java, since the password is available to the Java program and I would be able to login with that (and execute the proper command). But since I'm going to be running on the same host, it seems like overkill.

Any suggestions?

P.S: Java version 1.4.2, can't upgrade; AIX UNIX 5.3.

+2  A: 

Have sudo installed, have the user running the Java program entered in /etc/sudoers for the commands in question, and use "sudo -u jim ls ~bob".

DevSolar  2009-06-18 14:05:45
This isn't a solution. Unfortunately, I can't modify the system in anyway - including installing sudo.
Glen  2009-06-18 14:07:23
You need to switch hosts then.
Andrew Austin  2009-06-18 14:10:17
Agree with Andrew. If your host doesn't allow you stuff like pubkey SSH, and you cannot even get "sudo" installed, then chances are anything you could come up with regarding your "su" scheme, while perhaps possible, isn't allowed by your hoster either, and you're bound for trouble. Find a hoster allowing sudo, it's about the only sensible solution.
DevSolar  2009-06-18 15:08:45
A: 

Possibly a java implementation of Expect? ExpectJ comes up when googling but I couldn't find any documentation regarding running under 1.4.2.

lucas  2009-06-18 14:09:27
This might be a solution. Thanks for the tip.
Glen  2009-06-18 14:24:32
Well, ExpectJ looks like it should work - managed to get the dependencies copied over and built. Problem is, though, ExpectJ uses StringBuilder, which didn't get implemented until 1.5. Any suggestions?
Glen  2009-06-18 14:53:13
You can ask the ExpectJ people if they have an old version around (there isn't one on sourceforge). If the only problem is the StringBuilder, you should be able to modify the code yourself.
Kathy Van Stone  2009-06-18 15:38:31
A: 

Have you tried redirecting the sudo commands input and writing to that. I haven't used Java in a while but I believe there is a way to get the input stream and write to it. You could use that to write the password followed by a new line and sudo or su should accept the password.

Use getInputStream() and write your password out to that.

su jim -c ls ~Bob
Stephan  2009-06-18 14:09:32
A: 

Perhaps this would work:

Process process = Runtime.getRuntime().exec("su jim && ls ~bob");

OutputStream standardInput = process.getOutputStream();
Writer standardInputWriter = new OutputStreamWriter(standardInput);
standardInputWriter.write("password\n");
standardInputWriter.close();
Adam Paynter  2009-06-18 14:11:23
Thanks, but it didn't work. I've tried something similar before, but with about the same result.
Glen  2009-06-18 14:19:26
A: 

I'm not sure this code:

Process p = Runtime.getRuntime().exec("su jim && ls ~bob");

will be executed in a shell, needed to evaluate the &&, that is a shell command (/bin/sh). You should pass the command "ls ~bob" via a command line swith of su. Something like:

su jim -c 'ls ~bob'
dfa  2009-06-18 14:18:31
Same result as above answer.
Glen  2009-06-18 14:22:28
then SSH imho is the only viable option
dfa  2009-06-18 14:29:29
A: 

I know how to implement this in C but not in Java. You need pseudo-terminals for sending password into slave process. su refuse passwords received in other way.

vitaly.v.ch  2009-06-18 14:38:35
A: 

Problem solved. Used JSch (http://www.jcraft.com/jsch/) to SSH into the server with known username and password, and execute command. Thanks all for your suggestions!

Glen  2009-06-18 16:30:45

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi