"sudo" work-a-like for Cygwin

Sort:
You are not authorized to post a reply.
Author
Messages
Stuart Perkins
Basic Member
Posts: 18
Basic Member

    Has anybody migrated scripts and job steps which utilize the "sudo -u userid" command to submit jobs as other users or execute commands as other users from a Unix (AIX, HPUX etc..) platform to windows?


    Looking for alternatives to rewriting a bunch of scripts and breaking jobstreams (multi-step jobs executing other user's - system accounts - jobs), which will run under native Windows or Cygwin layer.

     

     

    The.Sam.Groves
    Veteran Member
    Posts: 89
    Veteran Member
      The closest analog to SUDO -u username in Windows is the RUNAS command.

      https://technet.microsoft...ibrary/bb490994.aspx

      However you need to be aware that attempting to escalate privileges (i.e. a Unix sudo -u root) will popup the UAC dialog box if you have security set up on your server to do so when an administrative action is attempted by a non-administrative user.
      Stuart Perkins
      Basic Member
      Posts: 18
      Basic Member
        I am looking for something which will get around the UAC in a secure fashion for specific users, target users and commands, somewhat analogous to the "sudoers" file and "NOPASSWD:" entries and processing on *nix. I have found a few different possibilities.

        I'm looking for anyone with a specific find in this area, as my client has a large number of scripted and job step uses of "sudo -u" which will need to be accommodated during the migration to a Windows server for 10 upgrade.

        What I have found so far is a 3rd party program "su.exe" which will take a cleartext password (and should be avoided for obvious reasons), another 3rd party program where the passwords to use are kept in an encrypted file (unknown German developer), and a client/server type of implementation using Python where the a command is passed to a listener on a local port which is running as the target user, and executed by that listener, which is already running therefore no UAC. So far, the Python solution looks most promising as a "sudoers" like file...if not a direct copy of the *nix one...can be used with the "client" Python script to manage it. Not as secure as I would like, but so far the best thing I've found...hence this query.
        Ben Coonfield
        Veteran Member
        Posts: 146
        Veteran Member

          Runas is the way for native windows processes, but if you need something to run under Cygwin check out the following thread which has two possible solutions.

          http://stackoverflow.com/...equivalent-in-cygwin

          Stuart Perkins
          Basic Member
          Posts: 18
          Basic Member
            Yes, I found the stack overflow thread. I'm looking for a clean way to implement a "NOPASSWD:" item for batch execution elevated...without having to modify the scripts or jobs as they exist on the *nix server. There are over 300 of them.
            You are not authorized to post a reply.