I have following script:
[root@localhost:~]# cat /mnt/start_discovery
#!/bin/sh
InterfaceNumber=$((65471 - $1))
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"
and 3 users which allow to execute command: root, ste and www. User ste and www using sudo for execution command, root work without sudo.
[root@localhost:~]# cat /etc/sudoers
root ALL=(ALL) ALL
ste ALL=(ALL) ALL
www ALL=/mnt/start_discovery *,\
sh -xv *
When I run command from user www - all is fine:
[www@localhost:~]$ sudo sh -xv /mnt/start_discovery 0
#!/bin/sh
InterfaceNumber=$((65471 - $1))
+ InterfaceNumber=65471
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"
+ mysql --user= --execute=insert into dc.discovery_commands(device, job_ttd) select 65471, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);
but for user ste:
[ste@localhost:~]$ sudo sh -xv /mnt/start_discovery 0
#!/bin/sh
InterfaceNumber=$((65471 - $1))
+ InterfaceNumber=65471
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"
+ERROR 1045 (28000): Access denied for user ' '@'localhost' (using password: YES)
same and for user root:
[root@localhost:~]# sh -xv /mnt/start_discovery 0
#!/bin/sh
InterfaceNumber=$((65471 - $1))
+ InterfaceNumber=65471
mysql --user=' ' --execute="insert into dc.discovery_commands(device, job_ttd) select $InterfaceNumber, DATE_ADD( UTC_TIMESTAMP(), INTERVAL 12 HOUR);"
+ERROR 1045 (28000): Access denied for user ' '@'localhost' (using password: YES)
For user root and ste I have passwords for mysql in files ~/.my.cnf, for user www - has not any access to mysql. Users for mysql are created:
[root@localhost:~]# mysql -e "select user,host,password from mysql.user;"
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *48A8ACDAF5434778D6B5D0254833B2AEC555514A |
| ste | localhost | *425AF4AF33C4FB42AC52A0A6630DEE61AB94A67A |
| | localhost | |
+------+-----------+-------------------------------------------+
Any ideas why so happening? And how will be better to make what all users have possibility to execute this script (script has permission 750 and sudo is required) ?
Errors showing up on attempts #2 and #3 (running the script as ste
or root
) mention "(using password: YES)
", although there is no password provided on the invocation line in your script.
These two users must have a custom, personnal configuration file (~/.my.cnf) which contains a password
clause (in this case, such password is always provided by default).
Try adding the following option in your script: --password=''