Adler has asked for the wisdom of the Perl Monks concerning the following question:

Hi to all, I wrote a program in Perl, one line of which is the following:
my $str = sprintf("awk \'\\'' \/: %s \/ \{printf \"%%d\\n \",\$4\}'\\'' prt\/%s\/prt_GPS_%d_%03d", $filename_server, lc $station, $year, $doy);
$stdout = `ssh username\@111.111.111.111 '$str'`;
This solved my problem, as the program ran on a different computer than the file I use awk on. Now I have the possibility to run my program on the same computer to which I open the ssh tunnel. Assuming I run my program using one username, how could I access a file which belongs to a different username and run my awk bash command? P.S. Assuming I have the password of the second username and/or ask the admin to do some security changes. Thanks

Re: Open a file of a different user
by proceng (Scribe) on May 11, 2010 at 17:12 UTC
    The solution depends on one of two scenarios:
    • Is this a file meant to be accessed by multiple users?
      If so, it should be in a specific directory with group read and/or write permissions.
    • Is the secondary user one that is also under your control?
      If so, your sysadm can set up the permissions for the user.
      If not, see scenario 1.
    The individual home directories should not have world read/write access; this is what group permissions and directories are for. Once you are given the username/password combination for another user, you also inherit the responsibilities for that data, and the other user inherits the responsibilities for your actions.

    Run the idea of group (i.e., shared) directories past your sysadm (and IT security staff). It will make things easier for all concerned.

      Most (all?) modern Unix systems allow for ACLs on files, which is much finer grained and less limiting than groups. When it's just two different users needing access to a single file, ACLs are the way to go. For instance:
      $ setfacl -m u:<other-user>:rw file
      will give <other-user> read/write access to the given file, where <other-user> is either the user name or the user id. Note that on some OSes, you need to be root to set ACLs, and sometimes you may need an acl mount parameter.
        Javafan, please note that from a security standpoint:
        The individual home directories should not have world read/write access; this is what group permissions and directories are for.
        If the user needs access to a file that is owned by another user, it should be stored in a common access area. In fact, there are some security related functions (of which SSH is one) that refuse to run if the user's home directory is world readable.
        File access controls are nice (and SELinux context controls even nicer), but group read/write access (anything with more than one user) needs appropriate permissions set and enforced.
Re: Open a file of a different user
by Anonymous Monk on May 11, 2010 at 15:13 UTC
Re: Open a file of a different user
by walkingthecow (Friar) on May 11, 2010 at 21:37 UTC
    You could use sudo so that the account spawning the script has access to the file via sudo.

    Or, you could use something like Expect. The code below would obviously have to be modified to fit what you're doing (e.g., we send $AWK, but $AWK is not defined), but it gives you a start:
    #!/usr/bin/perl
    use strict;
    use warnings;
    use Expect;

    # Placeholders: fill these in before use.
    my $TIMEOUT  = 60;
    my $USERNAME = '(hidden)';
    my $PASSWORD = '(hidden)';
    my $PROMPT   = '%';
    my $AWK;    # not defined in this post: the awk command line to send

    my $exp = Expect->new;
    $exp->exp_internal(1);    # verbose debugging of the pattern matching
    $exp->raw_pty(1);
    $exp->log_stdout(0);      # do not echo the session to STDOUT

    my $command    = '/bin/su';
    my @parameters = ( '-', $USERNAME );

    $exp->spawn( $command, @parameters )
        || die "cannot spawn \"$command:\" $!\n";

    $exp->expect(
        $TIMEOUT,
        # Answer the password prompt; the newline submits the password.
        [ qr/password:\s*/i => sub { my $exp = shift; $exp->send("$PASSWORD\n"); exp_continue; } ],
        # At the shell prompt, send the awk command.
        [ qr/$PROMPT/i => sub { my $exp = shift; $exp->send($AWK); exp_continue; } ],
        [ eof => sub { die "ERROR: could not spawn $command.\n"; } ],
        [ timeout => sub { die "Timed out.\n"; } ],
    );

    $exp->soft_close();
    exit(0);
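
The sudo route suggested in the reply above, as an added example that is not part of the thread: the script reads the other user's file through `sudo -n -u` with a list-form pipe open, so no password is stored in the script and no shell quoting is involved, and the awk filter is done in Perl. It assumes the admin has added a sudoers rule letting the calling account run `/bin/cat` on that file as its owner; the account name, home directory and sample values are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not code from the thread.
# Assumption: a sudoers rule allows this account to run /bin/cat on the
# data file as $owner without a password prompt.
use strict;
use warnings;

# Hypothetical values standing in for the poster's variables.
my $owner           = 'otheruser';      # account that owns the data file
my $filename_server = 'example.dat';    # constructed sample value
my ( $station, $year, $doy ) = ( 'ABCD', 2010, 131 );

# Absolute path: sudo keeps the caller's working directory, so the
# relative "prt/..." from the ssh version would not resolve here.
# The /home/$owner location is an assumption.
my $path = sprintf '/home/%s/prt/%s/prt_GPS_%d_%03d',
    $owner, lc $station, $year, $doy;

# Perl equivalent of:  awk '/: NAME / {printf "%d\n", $4}'
# \Q...\E matches the name literally instead of treating it as a regex.
sub fourth_fields {
    my ( $fh, $name ) = @_;
    my @out;
    while ( my $line = <$fh> ) {
        next unless $line =~ /: \Q$name\E /;
        my @f = split ' ', $line;    # awk-style whitespace splitting
        next unless defined $f[3] && $f[3] =~ /^[-+]?\d/;
        push @out, int $f[3];        # like awk's %d: integer part only
    }
    return @out;
}

# List-form pipe open: the arguments go straight to exec(), no shell runs.
# -n makes sudo fail instead of prompting when no rule applies.
open( my $fh, '-|', 'sudo', '-n', '-u', $owner, '/bin/cat', $path )
    or die "cannot run sudo: $!\n";

my @values = fourth_fields( $fh, $filename_server );

# close() on a pipe returns false when the child exited non-zero.
close($fh)
    or die 'sudo/cat failed, exit status ' . ( $? >> 8 ) . "\n";

print "$_\n" for @values;
```

Granting `cat` on one known path keeps the privilege narrower than allowing `awk` itself under sudo, since awk can execute arbitrary commands.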