Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!rice!uw-beaver!uw-june!ka
From: ka@cs.washington.edu (Kenneth Almquist)
Newsgroups: comp.unix.wizards
Subject: Re: using "su" without keying in the password
Summary: No.  Write your own version of su.
Keywords: password su
Message-ID: <11170@june.cs.washington.edu>
Date: 22 Mar 90 03:28:57 GMT
References: <1990Mar14.202740.5044@neptune.UUCP>
Distribution: na
Organization: U of Washington, Computer Science, Seattle
Lines: 42

orr@neptune.UUCP (Rick Orr) asks:

>  Is there a way to use the "su" command in a script and have the
>  script supply the password, without it having to be typed. 
>  I have tried several ways without any success.

Su reads the password from /dev/tty.  So the only way to get it to
read from something other than the terminal is to run in on a pseudo-
tty, if your version of UNIX has those.

For security reasons, you don't want to have the superuser password
sitting in a file in your system anyway.  Consider writing a C program
to do what you want:

	#include <stdio.h>

	#define ROOTID 0	/* uid of superuser */
	#define MYUID 746	/* my uid */

	main(argc, argv)  char **argv; {
	      char **arglist;
	      static char *shell_args[] = {"/bin/sh", NULL};

	      /* perform security checks */
	      if (getuid() != MYUID) {
		    fprintf(stderr, "Permission denied.\n");
		    exit(2);
	      }

	      /* now run the program as root */
	      arglist = argc > 1? argv + 1 : shell_args;
	      setuid(ROOTID);
	      execvp(arglist[0], arglist);
	      fprintf(stderr, "%s: not found\n", arglist[0]);
	      exit(2);
	}

Now make this program setuid to root, and you have a variant of "su"
which doesn't require a password.  But only the user with uid 746 can
run it.  You can replace this check with something appropriate for
your particular application.
				Kenneth Almquist