This question already has answers here:
How do I run a batch file from my Java Application?
(12 answers)
How to input password to sudo using java Runtime?
(7 answers)
Closed 9 years ago.
Recently I am stuck with a Java program. My requirement is, I have to restart my snmp service through java code in my Ubuntu machine. Normally We can do the same with
Runtime.getRuntime().exec("service snmpd restart");
Above code is working fine if I log in to the system with ROOT user.
But now the requirement came that, it may possible client machine doesn't have root permission. In that case to restart the snmp one need to execute the command with sudo "sudo service snmpd restart". This command will ask for machine password and after entering the password system will restart the service.
Now whenever I am trying to execute the java code with the below code, it's not restarting the service. ecasue it doesn't have the option to receive the password.
Runtime.getRuntime().exec("sudo service snmpd restart");
So, please help me to find out a way to restart a service with java when user is not a root user and need to start a service with sudo command.
I'm almost sure that you will not be able to intercept the input for password as that would be a security issue. -- See Ricardo Cachiera's answer.
Regardless I don't recommend you do -S. My recommendation is that you configure sudo to let the java user run the snmpd with out a password (ie NOPASSWD).
So you'll have to know what user you are going to use to the Java code. Once you do, do this in a terminal:
sudo visudo
Add a line something like:
myusername ALL = (root) NOPASSWD: /etc/init.d/snmpd
You may have to make a wrapping shell script (as sudo doesn't support argument security) if you want to use the service command instead of sudo /etc/init.d/snmpd.
try that:
Runtime.getRuntime().exec("$echo <password> | sudo -S service snmpd restart");
It's a work solution although it's not the best solution in matter of security, because the password can be read by anyone that have access to JAR File.
My suggestion has nothing to do with programming. Just modify your Sudoers file to allow users of your program to run the desired commands with NOPASSWD.
For a generic solution:
MY_APP_USERS MY_APP_HOSTS= NOPASSWD: MY_APP_CMDS.
When, the user tom (Part of MY_APP_USERS) runs sudo service snmpd restart (Part of MY_APP_CMDS) in one of the MY_APP_HOSTS he will be granted permission without using a password.
And a specific solution (without Aliases):
# tom will be able to run sudo /usr/sbin/service snmpd restart at userver
tom userver=(root) NOPASSWD: /usr/sbin/service snmpd restart
Related
I have a service in linux called appSevice, when I start/stop with these cmd, it works :
sudo systemctl start appSevice.service;
sudo systemctl stop appSevice.service;
but the problem when I tried to execute these from JAVA code, I tried form exemple :
Runtime.getRuntime().exec("sudo systemctl stop appService.service");
but it didnt work, I can that the service is always running, any suggestions please to resolve this problem ?
service :
[Service]
Type=simple
ExecStart=/opt/soft/v1/launchAppService.ksh start
User=Jms-User
Restart=on-abort
Steps to help you execute a system command via java program:
create user and give him rights to execute systemctl command, see
this thread allowing user to run systemctl/systemd services without
password
execute your java program using this user
your java code should be:
Runtime.getRuntime().exec(new String[]{"systemctl", "stop", "appService.service"});
the first argument is the command to
execute, others are the arguments
There is one way also. Create new user with LimitedRoot capabilities and use VISUDO to allow the user to run systemctl/systemd services without entering a password.
Example:
%LimitedRootUser ALL=NOPASSWD: /bin/systemctl restart appService.service
As an introduction, let's just say I'm a real noob using linux. I try to do the things right, don't hit me if it's ugly.
So, the problematic. I'm trying to run some jars as webservices on an ubuntu server. I created a specific user (nuxservice) with no pwd. I edited sudoers to enable a few users (myself & root) to sudo using this account with no password.
I then took a lot of inspiration from : http://www.jcgonzalez.com/linux-java-service-wrapper-example
Most is working, only one real problem, my java process seems to not have the right to create its logging files.
I run my services with a classic
sudo service myservice start/stop/restart
The command line that are launching my services are :
nohup sudo -u nuxservice java -jar myjar.jar myargs
When I do a ps -ef, the services are launches with my nuxservice user.
When I do ls -ld, nuxservice is the owner and have the rights.
If I launch the command in a terminal myself, it works. When launching as a service, my logs files are not created.
Any clues mates ?
So...
It was kinda silly.
My user rights were fine. Problem is, I did not set the working folder in my script so Java was all lost considering the creation of the folder/files for logging.
All I had to do was adding a little
cd $PATH_TO_JAR
And it was all set !
I am writing a Java application in which (among other stuff) I'd mount a external device, do some copying, and then unmount it.
//I am mounting several devices in created dirs named sdb, sdc... according to the partitions
String[] command = {"gksu", "mount", "/dev/sd" + letter + "1", "mounter/sd" + letter};
Runtime.getRuntime().exec(command);
This works fine both in the terminal and in my program.
To unmount faster, I thought about using umount -a but gksu umount -a doesn't work in the terminal and consequently not in the Java program. sudo umount -a does work in the terminal, but not in the application. Meanwhile, I got it to work by unmounting the devices 1 by 1, but it would be cleaner if I could get umount -a to work someway.
If you understand why either gksu doesn't work with umount or sudo with Runtime.exec(), I'd take your explanation.
Thanks
I feel the problem is sudo not asking me for a password, as gksu does. But I don't know how to give it a password.
This is very likely the case.
There are a couple of different possible situations here, and each I think has it's own solution:
The user running the program (in the case of a desktop app) already has privileges to run the commands you need. - Prompt the user to enter their password and pass it to sudo through stdin using the -s flag. Check out the sudo man page for more. This is simple and ensures that your application doesn't have greater access than the user running it.
If your application needs to run with different privileges than the user has, or if this is running on a server, then the application should be run as it's own System User. You can then use visudo to give that system user the ability to run ONLY the commands you need without requiring a password. Just be very cautious about editing the sudoers file. I recommend adding it as a separate file and just linking to it in the actual sudoers so that it's easier to undo later.
I'm using the followig code to run a command from my Java App:
String cmd[] = {"sh","-c", "sudo chmod 777 -R " + path};
Terminal.runCommand(cmd);
I'd like to execute the .jar just by click in it and choose "Open with.." -> "Java";
The problem is that the app keep wating for a password because of the "sudo" command, but no terminal is called, the user can't give the password..
So, how could I call the coomand above AND a terminal to give the user a chance to insert the password and the application finally keep going?
Thank very much!
This is a sudo question, not a Java one; sudo does things as root. Your process doesn't have root priviledges, so sudo needs to authenticate the human being. That's a feature, not a bug. The system is not supposed to allow you to run root commands.
One option might be to use gksu instead, which is shipped by default on some distributions. It works similarly, but will pop up the password dialog in the GUI instead of on the (in this case non-existent) terminal.
Another might be to simply run your Java process as root, with all the security implications that might have. In some situations that can be a valid choice, but be careful.
Or you can check the man page for sudo and sudoers -- it's possible to configure accounts not to require a password, and to limit them to particular commands when they do.
I was wondering How to execute java Application with different userName and password.
For example:
Right now: When I do,
System.getProperty("user.name");
I get user1.
But I want to program in such a way that it says user2.
Can somebody help me How to accomplish this with Java or bat files.
Any kind of help is appreciated.
The java system property user.name is set by the operating system. So if you login as a different user and start you're java program, it will run under that username.
But You can also change the user under which you execute an program (if you have sufficient rights for it!).
Linux: use the sudo command
sudo -u user2 java yourprogram
(but you need to have sudo rights, for example by being root)
Windows use the runas command:
runas /user:domain\user2 java yourprogram
You can override this value, the same as any other system property with
java -Duser.name=my-new-user
or
System.setProperty("user.name", "my-new-user");
Note: neither solution changes the user-id of the process, just the value returned by System.getProperty("user.name");
You need to switch to user2 (su user2 on linux), then run your program.
If you're doing this on Windows, you can use the runas command in a batch file to run in the context of a different user. On a Unix/Linux system, you can use the su command.