"sudo" work-a-like for Cygwin

Stuart Perkins
Basic Member
Posts: 18

    Has anybody migrated scripts and job steps which utilize the "sudo -u userid" command to submit jobs as other users or execute commands as other users from a Unix (AIX, HPUX etc.) platform to Windows?


    Looking for alternatives to rewriting a bunch of scripts and breaking jobstreams (multi-step jobs executing other users' - system accounts - jobs), which will run under native Windows or Cygwin layer.

    The.Sam.Groves
    Veteran Member
    Posts: 89
      The closest analog to SUDO -u username in Windows is the RUNAS command.

      https://technet.microsoft...ibrary/bb490994.aspx

      However, you need to be aware that attempting to escalate privileges (i.e. a Unix sudo -u root) will pop up the UAC dialog box if you have security set up on your server to do so when an administrative action is attempted by a non-administrative user.
      Stuart Perkins
      Basic Member
      Posts: 18
        I am looking for something which will get around the UAC in a secure fashion for specific users, target users and commands, somewhat analogous to the "sudoers" file and "NOPASSWD:" entries and processing on *nix. I have found a few different possibilities.

        I'm looking for anyone with a specific find in this area, as my client has a large number of scripted and job step uses of "sudo -u" which will need to be accommodated during the migration to a Windows server for 10 upgrade.

        What I have found so far is a 3rd party program "su.exe" which will take a cleartext password (and should be avoided for obvious reasons), another 3rd party program where the passwords to use are kept in an encrypted file (unknown German developer), and a client/server type of implementation using Python where a command is passed to a listener on a local port which is running as the target user, and executed by that listener, which is already running, therefore no UAC. So far, the Python solution looks most promising as a "sudoers" like file...if not a direct copy of the *nix one...can be used with the "client" Python script to manage it. Not as secure as I would like, but so far the best thing I've found...hence this query.
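
An added illustration (not part of the post above, and not the Python tool it mentions): one way a listener of that kind could check each request against a sudoers-like "NOPASSWD:" file before running anything. The rule syntax, account names and paths are assumptions constructed for this example, and the caller identity is assumed to be established by the listener itself, not read from the request.

```python
import shlex

# Constructed policy in a hypothetical sudoers-like syntax:
#   caller  (run-as user)  NOPASSWD:  absolute command line
SAMPLE_POLICY = """\
# caller   (run-as)     tag        command
batchsvc   (appowner)   NOPASSWD:  /opt/jobs/nightly_load.sh
batchsvc   (dbadmin)    NOPASSWD:  /opt/jobs/db_export.sh --full
opsuser    (appowner)   NOPASSWD:  /opt/jobs/rotate_logs.sh
"""

def parse_policy(text):
    """Return a set of (caller, target, argv) rules; fail closed on bad lines."""
    rules = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 3)
        if (len(parts) != 4 or parts[2] != "NOPASSWD:"
                or not (parts[1].startswith("(") and parts[1].endswith(")"))):
            raise ValueError(f"line {lineno}: malformed rule")
        argv = tuple(shlex.split(parts[3]))
        if not argv[0].startswith("/"):
            raise ValueError(f"line {lineno}: command must be an absolute path")
        rules.add((parts[0], parts[1][1:-1], argv))
    return rules

def is_allowed(rules, caller, target, argv):
    """Exact match only: no wildcards, no extra arguments."""
    return (caller, target, tuple(argv)) in rules

def handle_request(rules, caller, target, command_line):
    """Return the argv list to execute, or None if the request is refused.

    `caller` must come from the listener's own authentication of the peer
    (assumption of this example), never from a field the client supplies.
    """
    try:
        argv = shlex.split(command_line)
    except ValueError:          # unbalanced quotes and similar
        return None
    if not argv or not is_allowed(rules, caller, target, argv):
        return None
    return argv                 # run with subprocess.run(argv, shell=False)
```

Because the match is on the full argument list and nothing is handed to a shell, a request such as "/opt/jobs/db_export.sh --full; whoami" is refused, not run as two commands.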
        Ben Coonfield
        Veteran Member
        Posts: 146

          Runas is the way for native Windows processes, but if you need something to run under Cygwin, check out the following thread, which has two possible solutions.

          http://stackoverflow.com/...equivalent-in-cygwin

          Stuart Perkins
          Basic Member
          Posts: 18
            Yes, I found the Stack Overflow thread. I'm looking for a clean way to implement a "NOPASSWD:" item for batch execution elevated...without having to modify the scripts or jobs as they exist on the *nix server. There are over 300 of them.