The "sushc" program enables you to run a shell script, in a secure manner, as a user other than the one you are currently logged in as. For example, imagine you are running the following script as the user "transfer":
```bash
#!/bin/bash
#
# Shell script run as transfer
#
read -r NEW_PASSWORD    # -r keeps backslashes in the input literal
...
...
sushc oracle /home/oracle/tpwsql.sh "$NEW_PASSWORD"
...
...
```
Then, in a script named "/home/oracle/tpwsql.sh" owned by the user "oracle":
```bash
#!/bin/bash
#
# Shell script called by transfer to run as ORACLE dba
#
# To grant permission on "transfer" to run this using sushc:
#
# sushc -grant transfer
# sushc -end
#
# Now to run something like this:

export PASSWORD="$1"    # Read parameter
. oraenv TRANSFER       # Set up ORACLE environment
#
# Prevent SQL injection
#
# printf with a quoted variable avoids the word splitting, globbing and
# option parsing that an unquoted "echo $PASSWORD" is subject to.
PASSWORD=$(printf '%s' "$PASSWORD" | tr -d ";()'\"![:cntrl:]")

sqlplus /nolog <<!
connect / as sysdba
spool /home/oracle/log/sqlscripts.log
alter user transfer identified by $PASSWORD;
spool off
!
```
The "sushc -grant transfer" line enables the user "transfer" to run this script (as "oracle"), even though the line appears inside a comment, as above. Both this line and the "sushc -end" line are explained in detail in The Manual.
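A stricter alternative to the "Prevent SQL injection" step in tpwsql.sh is to reject any argument that falls outside an allowlist instead of deleting a fixed set of characters. The following is an added example, not part of the original page or of sushc; the function names and the password policy (a letter first, then letters, digits or underscore, 8 to 30 characters) are assumptions.

```shell
#!/bin/bash
# Added example: allowlist check for the password argument of tpwsql.sh.
# validate_password and alter_user_sql are hypothetical helper names, and
# the policy they enforce is an assumed one; adjust it to local rules.

# The body runs in a subshell "( ... )" so LC_ALL=C and pw stay local.
validate_password() (
    LC_ALL=C        # [A-Za-z] matches ASCII only; ${#pw} counts bytes
    pw=$1
    [ "${#pw}" -ge 8 ] && [ "${#pw}" -le 30 ] || exit 1
    case $pw in
        [A-Za-z]*) ;;                 # must start with a letter
        *) exit 1 ;;
    esac
    case $pw in
        *[!A-Za-z0-9_]*) exit 1 ;;    # any byte outside the allowlist
    esac
    exit 0
)

# Print the statement only for a value that passed validation.
alter_user_sql() {
    validate_password "$1" || return 1
    printf 'alter user transfer identified by %s;\n' "$1"
}

# Constructed sample inputs (not from the original page).
for sample in 'Winter_2024x' 'short1' 'has space here' 'semi;colon_1' '9startsDigit'; do
    if alter_user_sql "$sample" >/dev/null; then
        printf 'accept: %s\n' "$sample"
    else
        printf 'reject: %s\n' "$sample"
    fi
done
```

In tpwsql.sh the check would run before the sqlplus here-document, with the script exiting non-zero when validation fails so that no statement is sent.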