Is it possbile to execute linux commands with java? I am trying to create a web servlet to allow ftp users to change their passwords without ssh login access. I would like to execute the next commands:
# adduser -s /sbin/nologin clientA -d /home/mainclient/clientA
# passwd clientA
# cd /home/mainclient; chgrp -R mainclient clientA
# cd /home/mainclient/clientA; chmod 770 .
Check out this.
However, doing what you are talking about is way outside spec, and I wouldnt reccommend it. To get it to work you are going to either run your app server as root, or use some other mechanism to give the user the app server is running as permission to execute these privileged commands. One small screw-up somewhere and you are "owned".
Use:
Runtime.getRuntim().exec("Command");
where Command is the command string you want to execute.
If you invoke those commands from Java, make sure to pack multiple commands to a single shell-script. This will make invocation much easier.
have a look at java.lang.Runtime
The java RunTime object has exec methods to run commands in a separate process
Related
I researched this question and all answers suggest visudo to add:
Defaults:user !requiretty
It does not work!
I have two Linux boxes (RedHat). I have a Java class which uses ProcessBuilder/Process to execute commands. The class runs under a system account.
On both boxes, I run
su other-user -c 'some-command'
and provide the password for other-user in an input stream to the Process object.
On one box, the command succeeds and on the other I get the error above.
The sudoers files on both machines did not have exclusions for requiretty ('Defaults requiretty' is set on both files).
I tried adding the exclusion as suggested by the answers I found. I tried both the system user running the process and 'other-user'...
Does not work.
What else can be the issue? Do I need to restart the system after adding the requiretty exceptoin(s)?
sudoers is for sudo rather than su so you should use sudo.
According to su manual:
-c, --command COMMAND
Specify a command that will be invoked by the shell using its -c.
The executed command will have no controlling terminal. This option cannot be used to execute interactive programs which need a controlling TTY.
you can use a TTY spawning if you are trying to avoid using sudo or you don't have a sudo privileges.
Just invoke one of the following codes before running the code which giving you the error you mentioned.
here are some examples of codes you can use, depends on the code or the system you are using:
python -c 'import pty; pty.spawn("/bin/sh")'
echo os.system('/bin/bash')
/bin/sh -i
perl —e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')
(From within IRB)
exec "/bin/sh"
(From within vi)
:!bash
(From within vi)
:set shell=/bin/bash:shell
(From within nmap)
!sh
the first three choices up are my common used ones, and I am trusting their results.
I am using them while pentesting.
I am writing a Java application in which (among other stuff) I'd mount a external device, do some copying, and then unmount it.
//I am mounting several devices in created dirs named sdb, sdc... according to the partitions
String[] command = {"gksu", "mount", "/dev/sd" + letter + "1", "mounter/sd" + letter};
Runtime.getRuntime().exec(command);
This works fine both in the terminal and in my program.
To unmount faster, I thought about using umount -a but gksu umount -a doesn't work in the terminal and consequently not in the Java program. sudo umount -a does work in the terminal, but not in the application. Meanwhile, I got it to work by unmounting the devices 1 by 1, but it would be cleaner if I could get umount -a to work someway.
If you understand why either gksu doesn't work with umount or sudo with Runtime.exec(), I'd take your explanation.
Thanks
I feel the problem is sudo not asking me for a password, as gksu does. But I don't know how to give it a password.
This is very likely the case.
There are a couple of different possible situations here, and each I think has it's own solution:
The user running the program (in the case of a desktop app) already has privileges to run the commands you need. - Prompt the user to enter their password and pass it to sudo through stdin using the -s flag. Check out the sudo man page for more. This is simple and ensures that your application doesn't have greater access than the user running it.
If your application needs to run with different privileges than the user has, or if this is running on a server, then the application should be run as it's own System User. You can then use visudo to give that system user the ability to run ONLY the commands you need without requiring a password. Just be very cautious about editing the sudoers file. I recommend adding it as a separate file and just linking to it in the actual sudoers so that it's easier to undo later.
I am using tcl.lang.Interp.eval() to execute a "hello world" tcl script. The command used to execute the script is something like this-
source /path/of/my/script.tcl
Now how do I execute the script as sudo user as we cannot execute source using sudo through java program?
You can run tclsh (the “mothership” implementation of Tcl, written in C) from inside sudo just fine, or you can run a JVM which uses the TclJava library. However, sudo runs whole processes with elevated privileges and not just a library; you need to think in terms of creating a program that will do what you want, possibly with suitable arguments passed in.
FWIW, I'd start by trying:
sudo tclsh /path/of/my/script.tcl
That's going to be the simplest if it works; it's how tclsh is designed to be used (plus sudo). It's only unsuitable if the script requires access to an in-process JVM. If that's the case, you're probably going to have to write a small wrapper Java program.
I'm using the followig code to run a command from my Java App:
String cmd[] = {"sh","-c", "sudo chmod 777 -R " + path};
Terminal.runCommand(cmd);
I'd like to execute the .jar just by click in it and choose "Open with.." -> "Java";
The problem is that the app keep wating for a password because of the "sudo" command, but no terminal is called, the user can't give the password..
So, how could I call the coomand above AND a terminal to give the user a chance to insert the password and the application finally keep going?
Thank very much!
This is a sudo question, not a Java one; sudo does things as root. Your process doesn't have root priviledges, so sudo needs to authenticate the human being. That's a feature, not a bug. The system is not supposed to allow you to run root commands.
One option might be to use gksu instead, which is shipped by default on some distributions. It works similarly, but will pop up the password dialog in the GUI instead of on the (in this case non-existent) terminal.
Another might be to simply run your Java process as root, with all the security implications that might have. In some situations that can be a valid choice, but be careful.
Or you can check the man page for sudo and sudoers -- it's possible to configure accounts not to require a password, and to limit them to particular commands when they do.
I have a Java application executed from a ([ba]sh) shell script and unfortunately sometimes the people responsible for deploying it and starting it fail to switch to the appropriate user before starting the application. In this situation I'd like the application to not run at the very least, and ideally issue a warning not to do that. I thought about trying to alias java or change the path for root to include a fake java which does so, but this might have undesirable side effects and isn't going to be effective easily since the shell script specifies the full path to the java binary.
So, is there a standard idiom in shell scripts for 'don't run if I'm root'?
Example in bash:
if [ `id -u` = 0 ]; then
echo "You are root, go away!"
exit 1
fi
In BASH, you can take the output of whoami and compare it to root.
I use something like this at the beginning of scripts that I want to
be run under a service account:
LUSER='my-service'
if [ `id -un` != $LUSER ]; then
exec su $LUSER -s $SHELL -c "$0 $#"
fi
# actual script commands here.
If run as the correct user, execution will continue as planned. If run
as root, privileges are dropped to the wanted user-id. Other users
will get a password prompt which should tell them that something is
wrong.
su -s $SHELL ... is used to override the shell set in /etc/passwrd
-- it may be set to /bin/false for the service account.
I have used this on Debian systems, using bash and dash. Feel free
to comment if portability can be improved.