PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 09/10/2015 2:24 PM by  Stuart Perkins
"sudo" work-a-like for Cygwin
 4 Replies
Sort:
You are not authorized to post a reply.
Author Messages
Stuart Perkins
Private
Private
Basic Member
(38 points)
Basic Member
Posts:16


Send Message:

--
09/10/2015 1:09 PM

    Has anybody migrated scripts and job steps which utilize the "sudo -u userid" command to submit jobs as other users or execute commands as other users from a Unix (AIX, HPUX etc..) platform to windows?


    Looking for alternatives to rewriting a bunch of scripts and breaking jobstreams (multi-step jobs executing other user's - system accounts - jobs), which will run under native Windows or Cygwin layer.

     

     

    The.Sam.Groves
    Programmer Analyst
    St Lukes Hospital
    Veteran Member
    (265 points)
    Veteran Member
    Posts:89


    Send Message:

    --
    09/10/2015 1:44 PM
    The closest analog to SUDO -u username in Windows is the RUNAS command.

    https://technet.microsoft.com/en-us...90994.aspx

    However you need to be aware that attempting to escalate privileges (i.e. a Unix sudo -u root) will popup the UAC dialog box if you have security set up on your server to do so when an administrative action is attempted by a non-administrative user.
    Stuart Perkins
    Private
    Private
    Basic Member
    (38 points)
    Basic Member
    Posts:16


    Send Message:

    --
    09/10/2015 2:01 PM
    I am looking for something which will get around the UAC in a secure fashion for specific users, target users and commands, somewhat analogous to the "sudoers" file and "NOPASSWD:" entries and processing on *nix. I have found a few different possibilities.

    I'm looking for anyone with a specific find in this area, as my client has a large number of scripted and job step uses of "sudo -u" which will need to be accommodated during the migration to a Windows server for 10 upgrade.

    What I have found so far is a 3rd party program "su.exe" which will take a cleartext password (and should be avoided for obvious reasons), another 3rd party program where the passwords to use are kept in an encrypted file (unknown German developer), and a client/server type of implementation using Python where the a command is passed to a listener on a local port which is running as the target user, and executed by that listener, which is already running therefore no UAC. So far, the Python solution looks most promising as a "sudoers" like file...if not a direct copy of the *nix one...can be used with the "client" Python script to manage it. Not as secure as I would like, but so far the best thing I've found...hence this query.
    Ben Coonfield
    Private
    Private
    Veteran Member
    (420 points)
    Veteran Member
    Posts:146


    Send Message:

    --
    09/10/2015 2:11 PM

    Runas is the way for native windows processes, but if you need something to run under Cygwin check out the following thread which has two possible solutions.

    http://stackoverflow.com/questions/...-in-cygwin

    Stuart Perkins
    Private
    Private
    Basic Member
    (38 points)
    Basic Member
    Posts:16


    Send Message:

    --
    09/10/2015 2:24 PM
    Yes, I found the stack overflow thread. I'm looking for a clean way to implement a "NOPASSWD:" item for batch execution elevated...without having to modify the scripts or jobs as they exist on the *nix server. There are over 300 of them.
    You are not authorized to post a reply.