• Search Forums
    Advanced Search Topics Posts
Prev
Next
Forums Integration / Customization S3 Interfaces/Conversion

"sudo" work-a-like for Cygwin

 4 Replies
 4 Subscribed to this topic
 11 Subscribed to this forum
Sort:
Author
Messages
Stuart Perkins
Basic Member Send Private Message
Posts: 18
Basic Member
9/10/2015 5:09 PM

Has anybody migrated scripts and job steps which utilize the "sudo -u userid" command to submit jobs as other users or execute commands as other users from a Unix (AIX, HPUX etc..) platform to windows?

Looking for alternatives to rewriting a bunch of scripts and breaking jobstreams (multi-step jobs executing other user's - system accounts - jobs), which will run under native Windows or Cygwin layer.

 

 

The.Sam.Groves
Veteran Member Send Private Message
Posts: 89
Veteran Member
9/10/2015 5:44 PM
The closest analog to SUDO -u username in Windows is the RUNAS command. https://technet.microsoft...ibrary/bb490994.aspx However you need to be aware that attempting to escalate privileges (i.e. a Unix sudo -u root) will popup the UAC dialog box if you have security set up on your server to do so when an administrative action is attempted by a non-administrative user.
Stuart Perkins
Basic Member Send Private Message
Posts: 18
Basic Member
9/10/2015 6:01 PM
I am looking for something which will get around the UAC in a secure fashion for specific users, target users and commands, somewhat analogous to the "sudoers" file and "NOPASSWD:" entries and processing on *nix. I have found a few different possibilities. I'm looking for anyone with a specific find in this area, as my client has a large number of scripted and job step uses of "sudo -u" which will need to be accommodated during the migration to a Windows server for 10 upgrade. What I have found so far is a 3rd party program "su.exe" which will take a cleartext password (and should be avoided for obvious reasons), another 3rd party program where the passwords to use are kept in an encrypted file (unknown German developer), and a client/server type of implementation using Python where the a command is passed to a listener on a local port which is running as the target user, and executed by that listener, which is already running therefore no UAC. So far, the Python solution looks most promising as a "sudoers" like file...if not a direct copy of the *nix one...can be used with the "client" Python script to manage it. Not as secure as I would like, but so far the best thing I've found...hence this query.
Ben Coonfield
Veteran Member Send Private Message
Posts: 146
Veteran Member
9/10/2015 6:11 PM

Runas is the way for native windows processes, but if you need something to run under Cygwin check out the following thread which has two possible solutions.

http://stackoverflow.com/...equivalent-in-cygwin

Stuart Perkins
Basic Member Send Private Message
Posts: 18
Basic Member
9/10/2015 6:24 PM
Yes, I found the stack overflow thread. I'm looking for a clean way to implement a "NOPASSWD:" item for batch execution elevated...without having to modify the scripts or jobs as they exist on the *nix server. There are over 300 of them.