Trying to write a Java program capable of running a UNIX command as a different UNIX user. I have the user's password, and I know the command I want to run, but the command has to be run as that user - so I have to login as that user first.
尝试编写能够以不同的UNIX用户身份运行UNIX命令的Java程序。我有用户的密码,我知道我想要运行的命令,但该命令必须以该用户身份运行 - 所以我必须先以该用户身份登录。
For example: say we have a user, jim, who wants to see what's in bob's home directory, and (for whatever reason) jim has access to execute ls whereas bob does not. We are currently logged in as bob. Here is what we (could) do:
例如:假设我们有一个用户,jim,谁想要查看bob的主目录中的内容,并且(无论出于何种原因)jim可以访问执行ls而bob没有。我们目前以bob身份登录。这是我们(可以)做的:
bob@host$ su jim && ls ~bob
Problem is, we get prompted for jim's password. Since this is run from a Java program, i.e.
问题是,我们会收到jim密码的提示。因为这是从Java程序运行的,即
Process p = Runtime.getRuntime().exec("su jim && ls ~bob");
we get prompted for jim's password and hung up. We know jim's password. However, I can't enter it.
我们收到jim密码的提示并挂断了。我们知道jim的密码。但是,我不能输入它。
Additionally, we can't use an Expect script (don't have it installed) and we can't become the superuser. I also looked into using SSH to try this, since we could technically do
此外,我们不能使用Expect脚本(没有安装它),我们不能成为超级用户。我也考虑使用SSH来尝试这个,因为我们可以在技术上做到这一点
bob@host$ ssh jim@host "ls ~bob"
but this also doesn't work since I don't have permission to setup passwordless SSH.
但由于我没有设置无密码SSH的权限,这也行不通。
My last-ditch effort is to try and use an SSH library for Java, since the password is available to the Java program and I would be able to login with that (and execute the proper command). But since I'm going to be running on the same host, it seems like overkill.
我最后的努力是尝试使用SSH库来实现Java,因为密码可供Java程序使用,我可以用它登录(并执行正确的命令)。但是因为我要在同一台主机上运行,所以看起来有点矫枉过正。
Any suggestions?
P.S: Java version 1.4.2, can't upgrade; AIX UNIX 5.3.
P.S:Java版本1.4.2,无法升级; AIX UNIX 5.3。
6 个解决方案
#1
Have sudo installed, have the user running the Java program entered in /etc/sudoers for the commands in question, and use sudo -u jim ls ~bob
.
安装了sudo,让用户运行在/ etc / sudoers中输入的Java程序用于相关命令,并使用sudo -u jim ls~bob。
#2
Problem solved. Used JSch (http://www.jcraft.com/jsch/) to SSH into the server with known username and password, and execute command. Thanks all for your suggestions!
问题解决了。使用JSch(http://www.jcraft.com/jsch/)以已知的用户名和密码SSH连接到服务器,并执行命令。谢谢大家的建议!
#3
Possibly a java implementation of Expect? ExpectJ comes up when googling but I couldn't find any documentation regarding running under 1.4.2.
可能是Expect的java实现?谷歌搜索时出现了ExpectJ,但我找不到任何关于在1.4.2下运行的文档。
#4
Have you tried redirecting the sudo commands input and writing to that. I haven't used Java in a while but I believe there is a way to get the input stream and write to it. You could use that to write the password followed by a new line and sudo or su should accept the password.
您是否尝试重定向sudo命令输入并写入该命令。我有一段时间没有使用Java,但我相信有一种方法可以获取输入流并写入它。你可以使用它来写密码后跟一个新行,sudo或su应该接受密码。
Use getInputStream() and write your password out to that.
使用getInputStream()并将密码写入其中。
su jim -c ls ~Bob
#5
Perhaps this would work:
也许这会奏效:
Process process = Runtime.getRuntime().exec("su jim && ls ~bob");
OutputStream standardInput = process.getOutputStream();
Writer standardInputWriter = new OutputStreamWriter(standardInput);
standardInputWriter.write("password\n");
standardInputWriter.close();
#6
I'm not sure this code:
我不确定这段代码:
Process p = Runtime.getRuntime().exec("su jim && ls ~bob");
will be executed in a shell, needed to evaluate the &&, that is a shell command (/bin/sh). You should pass the command "ls ~bob" via a command line swith of su. Something like:
将在shell中执行,需要评估&&,这是一个shell命令(/ bin / sh)。你应该通过su的命令行swith传递命令“ls~bob”。就像是:
su jim -c 'ls ~bob'
#1
Have sudo installed, have the user running the Java program entered in /etc/sudoers for the commands in question, and use sudo -u jim ls ~bob
.
安装了sudo,让用户运行在/ etc / sudoers中输入的Java程序用于相关命令,并使用sudo -u jim ls~bob。
#2
Problem solved. Used JSch (http://www.jcraft.com/jsch/) to SSH into the server with known username and password, and execute command. Thanks all for your suggestions!
问题解决了。使用JSch(http://www.jcraft.com/jsch/)以已知的用户名和密码SSH连接到服务器,并执行命令。谢谢大家的建议!
#3
Possibly a java implementation of Expect? ExpectJ comes up when googling but I couldn't find any documentation regarding running under 1.4.2.
可能是Expect的java实现?谷歌搜索时出现了ExpectJ,但我找不到任何关于在1.4.2下运行的文档。
#4
Have you tried redirecting the sudo commands input and writing to that. I haven't used Java in a while but I believe there is a way to get the input stream and write to it. You could use that to write the password followed by a new line and sudo or su should accept the password.
您是否尝试重定向sudo命令输入并写入该命令。我有一段时间没有使用Java,但我相信有一种方法可以获取输入流并写入它。你可以使用它来写密码后跟一个新行,sudo或su应该接受密码。
Use getInputStream() and write your password out to that.
使用getInputStream()并将密码写入其中。
su jim -c ls ~Bob
#5
Perhaps this would work:
也许这会奏效:
Process process = Runtime.getRuntime().exec("su jim && ls ~bob");
OutputStream standardInput = process.getOutputStream();
Writer standardInputWriter = new OutputStreamWriter(standardInput);
standardInputWriter.write("password\n");
standardInputWriter.close();
#6
I'm not sure this code:
我不确定这段代码:
Process p = Runtime.getRuntime().exec("su jim && ls ~bob");
will be executed in a shell, needed to evaluate the &&, that is a shell command (/bin/sh). You should pass the command "ls ~bob" via a command line swith of su. Something like:
将在shell中执行,需要评估&&,这是一个shell命令(/ bin / sh)。你应该通过su的命令行swith传递命令“ls~bob”。就像是:
su jim -c 'ls ~bob'