Non interactive batch to su on a linux box

Canon Pixma mx860 all-in-one printer
February 2, 2010 at 06:33:12
Specs: Windows XP
hi
i am trying to run a batch file on a xp machine that uses plink to run commands on many (6000+) unix boxes.
i want to use the su command so as i can kill processes on the box, but i want the batch file to pass the password to su.
I cant go round and edit the sudo files on every box, so obviously i also do not want to install expect on every box either.
Is there any way around this?


See More: Non interactive batch to su on a linux box

Report •


#1
February 3, 2010 at 02:56:07
Do you HAVE the su passwords?

And for those of us not of the unix faith, give us a hint about plink.


=====================================
Helping others achieve escape felicity

M2


Report •

#2
February 3, 2010 at 03:27:57
yes i have the su password

plink is for windows, it is bassically a command line tool for using putty.
It will allow you to connect to a remote machine and run commands. eg
plink remote@remote.com echo hello
would run the command echo hello on a remote machine, but because you have used plink the return from the command will be showing in the same windows that you ran plink from, not just on the remote machine.


Report •

#3
February 3, 2010 at 06:50:47
I don't know PLINK, but I get the concept ... and the problem. So if you run this :

plink remote@remote.com echo hello > /tmp/test.log

... it'll not work because Windows takes over the redirection, thinking it's the redirection of the Windows PLINK command, not the one from the Unix ECHO command, correct ?

A way you could workaround, is to just call a precreated script (on unix) that does the redirection, ex. script /home/user/myscript contains:

echo hello > /tmp/test.log

And your PLINK command would be :

plink remote@remote.com /home/user/myscript

The problem of course is, that you need the file on the Unix machine first ... on each of them. But, there are (command line) tools to copy 1 file onto each Unix box ...


Report •

Related Solutions

#4
February 3, 2010 at 07:25:38
Mechanix2Go: give us a hint about plink
Plink uses the same core as PuTTY, but instead of a fancy terminal window, it uses STDIO. No questions asked, nor data conversion between platforms. It's bundled with PuTTY, and I recommend the suite for anyone who runs Windows, but needs to access *NIX servers. (Or just want a better Telnet client.)

mc87
The easiest way to go about this is to just SSH into root, but that's a security concern, and it's probably disabled by default.

Here's the deal: You can try to use the -m option to send a series of commands, but Plink won't strip off the '\r' off of the lines, and the authors say sending multiple lines is unsupported. If you go this route, make sure you have a text editor that can write UNIX style text files. (Something like Notepad++, basically.) Even then, it's not guaranteed to work.

Your other option, then, is to start a remote shell, and send your text though STDIN, while being careful to send only '\n' and not '\r\n'.

The easiest way to do this would be to create a VBScript file like this:

Sub out(sTxt, iWait)
  WScript.StdOut.Write sTxt & vbLF
  WScript.Sleep iWait
End Sub

WScript.Sleep 200
out "Your text", 100
out "goes here", 1000
out "just", 50
out "make sure it ends with", 100
out "exit", 0

Then from the command line, you'd do something like this:
cscript //nologo yourScript.vbs | plink <whatever>


Report •

#5
February 3, 2010 at 09:06:53
> If you go this route, make sure you have a text editor that
> can write UNIX style text files. (Something like
> Notepad++, basically.) Even then, it's not guaranteed to
> work.
>

But you can always write your text files (with the commands in it, all 100% like it should), on Unix, then FTP ... but use BINARY mode, NOT ASCII ... and use this file with the above PLINK command ?! That way, it IS a unix text file at least ...


Report •

#6
February 3, 2010 at 10:57:13
I don't know PLINK, but I get the concept ... and the problem. So if you run this :

plink remote@remote.com echo hello > /tmp/test.log

... it'll not work because Windows takes over the redirection, thinking it's the redirection of the Windows PLINK command, not the one from the Unix ECHO command, correct ?


in fact i think that does work, (im pretty sure it does anyway) but i can see why you would think it wouldnt.
but either way thats not really the problem im having, Razor seems to understand the problem.
Which is basically that the su command will not accept piping out to it to use as the password. so i need some way of gaining admin access (cant log straight on as root logon is disabled, as razor also guessed)

The one thing im not sure about from razors reply is the -m option, surely this will still require a password for me to do something like kill a process?

Razor...could you clarify what you mean by start a remote shell and send my text through STDIN?? Will su accept piping text into it in that way? As for the vb script, where would that be sat? on the linux box i am trying to access? if so this would mean putting this script on every single box??

Thanks in advance


Report •

#7
February 3, 2010 at 14:18:11
The one thing im not sure about from razors reply is the -m option, surely this will still require a password for me to do something like kill a process?
If you go that route, it'd be one line per expected response. Something like:
su
password
kill -9 -1
exit

Will su accept piping text into it in that way?
It does in my tests. (Remember, we're piping to Plink, not su.)

As for the vb script, where would that be sat?
It would be on your box, which is presumably running Windows.


Report •

#8
February 3, 2010 at 14:59:24
From Response 2, it looked like an output issue you were describing ...

But, I indeed don't understand the problem, I guess the PLINK factor may be the reason. I don't get why you first connect to a machine (with an account, presumingly), and then ask to connect as some user, to perform a kill ... just connect as the correct user, in the first place ?! You do have A password, don't you ...


Report •

#9
February 3, 2010 at 15:13:53
tvc: just connect as the correct user
mc87: log straight on as root logon is disabled

Report •

#10
February 3, 2010 at 16:24:58
i cant log straight on...

Report •

#11
February 4, 2010 at 00:32:01
tvc.. plink isnt really the problem as it performs as expect, the problem come when the linux command "su" prompts for a password, i cant seem to find anyway of passing the password to su via a script, i always have to type it in.
I log on as one user and the su to root, because that is standard practice on linux, you should never login as root directly....and anyways logon as root is disabled so it is not possible to logon this way...

does anyone know a program / script that can enter text into a program so as it seems to becoming from the keyboard?


Report •

#12
February 4, 2010 at 01:09:30
my guess is, that's exactly what "they" (linux, unix) are trying to keep from happening, due to security issues. After all, root/su are not to be taken lightly! all the hooks and api's and etc. should not be able to circumvent security on the root level. I'm prob'ly wrong on this, but i wanted to spill my guts so if i am wrong, someone will correct me. Other than that, patch in or piggyback a fake keyboard (hardware issue then becomes)

Report •

#13
February 4, 2010 at 08:13:15
OK, I get it now.

The process you are trying to kill, is it root owned ?


Report •

#14
February 4, 2010 at 13:52:28
Did the VBScript method not work for you?

Report •

#15
February 5, 2010 at 04:15:35
While waiting response from threadstarter, maybe an idea to get into, is to check WHY you need to kill a process. Maybe that problem lead to this thread, maybe it didn't. It could easily be the case you are battling symptoms, instead of the cause. Definately if you are killing a root-owned process, I would consider thinking WHY you want to kill this process. And then, independant of the fact if the process is root-owned or not, I would think if a third party batch tool, is the correct way to manage a huge amount of *nix machines. Admit, the tool you are using, may not be suited for the task, otherwise you wouldn't have raised this thread. If one can afford 6000 *nix machines, you should be able to afford decent administration software ? And one more question : are you the system administration, or are you somebody who is (rightfully) granted the root-password to do some admin ?

Report •

#16
February 8, 2010 at 10:34:58
ok the reason i want to kill a root owned process is that i am trying to log off another user. i want to log off this user so that i return the box to the desktop,(the account that is usually logged on runs just one application continually and does not allow the end user to exit to desktop) from there the end user is able to run configuration options etc

if any one has any other ideas please feel free to let me know...

@razor i am going to have a look into what you are suggesting as I am not very clued up on VB.
But from what i am assuming you want the batch file to call a vb script which then enters text into the batch file by just running commands at set intervals?

I hope i have grasped that concept right as i am about to go and research it....


By the way, thanks for the input everyone, it is all very welcome.


Report •

#17
February 8, 2010 at 10:42:17
more@tvc

we have no one single administrator, and yes i do have access rightfully!

We have plenty of admin software for but nothing that does this specific task.
Also I admit completely this may not be the best way to do things, but there is a batch file currently set up that makes alot of reasonably complex task simple for first line teams, and I was hoping to add this functionality to it!


Report •

#18
February 8, 2010 at 10:43:34
But from what i am assuming you want the batch file to call a vb script which then enters text into the batch file by just running commands at set intervals?
Basically, yeah. We're just pumping text to STDOUT, and waiting. This output is piped to plink's STDIN, which in turn sends the text as if we typed it.

Report •

#19
February 8, 2010 at 15:18:52
ok just had a quick look at it, and it looks pretty reasonable.

razor could you annotate this code abit for me? as i say im a vb newbie

Sub out(sTxt, iWait)
WScript.StdOut.Write sTxt & vbLF
WScript.Sleep iWait
End Sub

WScript.Sleep 200 ::not sure about anything here or above i get the idea that it is creating a looping pause though
out "Your text", 100 ::does this mean 100ms delay?
out "goes here", 1000 ::and 100ms delay?


Report •

#20
February 8, 2010 at 17:08:38
i found a really fun gnu utility that also has lots of usefulness, and i got it to do what you want, i think.
it's called netcat (or nc.exe for windows version).
It will attach itself to any "listening" port and send the contents of a file, (on a delay if need be) to the port, and also execute commands. on Linux: man netcat
it will also listen on ports, and a lot of other features like logging, some of which don't work as well on the windows version as they're supposed to (like on the Linux version).
I got it to send the command to su, and the password, by
using the transmit-delay feature (-i ) then do a couple things (just to make sure it was really logged on) then log off.
I found two versions for windows, one of which doesn't work on my ME machine but both work on the XP:
URL: http://joncraton.org/files/nc111nt.zip
(hosted at:)
http://www.securityfocus.com/tools/139
the one that works on the ME is at:
http://www.governmentsecurity.org/f...
and there's a url to download nc11nt.zip
I had the idea of writing a "generic socket talker" exactly like this, but have nowhere near the knowledge I would have needed. ps it also comes with the C source code.

Report •

#21
February 9, 2010 at 04:07:57
ok most recent update:

I seem to have a vb code that now works fine and everything works as it should apart from one thing....plink does not seem to be able to pass the password to the linux box

even in i just have a batch file that says:
plink -ssh -p mypass user@computer su


This will then prompt me for a password, i enter the password manually and it does not work, infact i have noticed that if i press just one key prompted for the password, after about 2 seconds i get the error "su password incorrect"
It seems like plink is passing something random to su that is generated as soon as i touch any key...

any ideas?


Report •

#22
February 9, 2010 at 06:28:51
Not many. My first step would be to have Plink load a saved PuTTY session that I knew worked (in PuTTY) and see if I could su. If so, I'd then focus on manually copying over the settings to their command line equivalent. If not, I'd probably ask the guys on a newsgroup like comp.terminals. And if I got an answer there, I'd let the 4 guys who already tried to help me here know.

Report •

Ask Question