{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 beautiful° 的问题《JSch - How to issue commands as the user I have sw》','https://www.manongdao.com/q-377975.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am using Jsch to remotely connect to a Linux server from Windows 7.
I have to
(i) login to Linux server with my credentials
(ii) switch to root using a pmrun command [this is the procedure in our environment], and
(iii) execute su command to switch as "someuser"
(iv) execute further commands as that "someuser"
I completed the steps (i) and (ii).
After completing step (ii), the InputStream from the channel shows the command-prompt as that of the root user. So I assume that I have become the root user now.
Now, do I need to get the root user's session to further execute an su command, or is there a way to execute further commands as the root user?
Someone please help. Thanks.
Update: Source code
public class Pmrun {
public static void main(String[] arg){
try{
JSch jsch=new JSch();
String host=null;
if(arg.length>0){
host=arg[0];
}
else{
host="myself@linuxserver.com";
}
String user=host.substring(0, host.indexOf('@'));
host=host.substring(host.indexOf('@')+1);
Session session=jsch.getSession(user, host, 22);
UserInfo ui=new MyUserInfo();
session.setUserInfo(ui);
session.connect();
String command= "pmrun su -";
Channel channel=session.openChannel("exec");
((ChannelExec)channel).setCommand(command);
InputStream in = channel.getInputStream();
OutputStream outStream = channel.getOutputStream();
((ChannelExec)channel).setPty(true);
((ChannelExec)channel).setErrStream(System.err);
channel.connect();
TimeUnit.SECONDS.sleep(10);
outStream.write("xxxxxxx\n".getBytes());
outStream.flush();
((ChannelExec)channel).setCommand("su - someuser");
byte[] tmp=new byte[1024];
while(true){
while(in.available()>0){
int i=in.read(tmp, 0, 1024);
if(i<0)break;
System.out.print(new String(tmp, 0, i));
}
if(channel.isClosed()){
System.out.println("exit-status: "+channel.getExitStatus());
break;
}
try{Thread.sleep(1000);}catch(Exception ee){}
}
channel.disconnect();
session.disconnect();
}
catch(Exception e){
System.out.println(e);
}
}
public static class MyUserInfo implements UserInfo{
public String getPassword(){ return passwd; }
public boolean promptYesNo(String str){
str = "Yes";
return true;}
String passwd;
public String getPassphrase(){ return null; }
public boolean promptPassphrase(String message){ return true; }
public boolean promptPassword(String message){
passwd="zzzzzzzz";
return true;
}
public void showMessage(String message){
}
}
}
Extending @Martin's answer, the other solution would be to open the channel in "shell" mode which would maintain the session. Like this...
With the "exec" channel, you can execute a single command only.
The other command is executed within the
su, not after thesuanyway.one solution is to provide the other command on a
sucommand-line, like:or feed the command to the
suusing its standard input:In general, I recommend the first approach as it uses a better defined API (command-line argument).
The way pmrun works is it matches your User ID and/or primary local group ID (or netgroup) to a role-based profile that has been setup. This profile will give you rights to execute commands they have authorised within the profile. Without running the pmrun command it wont match you to one of their profiles and therefore the command will be rejected. if you have a look in your /opt/quest/bin folder you will see other prewrapped shells that you can use. Running the pmwrapped_bash is the same as running pmrun bash. From their you can then issue the command sudo -s to get Sudo root access and/or su - someuser to enter access that accounts privileges.
Did you end up getting the code you need or is this issue still a problem for you that I could assist.
For me, I need to pass through the users variables as we execute the pmrun $shell from within the /etc/profile file so that users dont need to type this and therefore their scripts works the same.
Regards Nomadz