su and sudo in a shell script

6

6

There is a shell script (/bin/sh, not bash) that requires root permissions for execution.

If it is run by a normal user, it should ask the user for a password to get root access and re-run itself.

Now it uses the following code:

if [ "$(id -u)" -ne 0 ]; then
    su root -- "$0" "$@"
    ...
fi

That works fine, but there are some OSes like Ubuntu that have no root password at all. On the other hand, a lot of systems use sudo for root permissions.

The question is: how can the script detect whether to use su or sudo without asking the user to enter too many passwords (e.g. enter sudo password, if it fails - run su).

Gramercy answered 4/10, 2010 at 15:1 Comment(0)
E
3

There isn't a bullet-proof way of doing this, because any distribution can lay files in any way it wants. Debian and Ubuntu often place system files in directories other than Red Hat, for example. It's much easier to customize the script for the OS it's installed on.

Enrich answered 4/10, 2010 at 15:13 Comment(0)
S
6

It shouldn't. If the script requires root privileges, it should be run as root. It's the user's business how he's going to accomplish that -- using su, sudo or some other mechanism.

If you are concerned with security issues and don't want to do everything from root, you can drop root privileges for those parts.

Sindysine answered 4/10, 2010 at 22:1 Comment(2)
zserge's comment below explains "That was the code used in older versions. Now I'm trying to get root privileges from the [installation] script, so the user doesn't have to restart it. Seems to be a little bit more user-friendly". Seems the fair basis for a question, and not inherently evil ;-). – Dairy
@Tony: My point is that it's not user-friendly at all. This is an example of trying to be smarter than the user. In some cases this might work, but it's far more likely to cause problems to the user. Also you should follow the principle of least surprise. I'd be surprised (and would have some questions for the author) if some program would try to acquire root privileges using sudo without my consent. – Sindysine
L
2

You can set up the account not to need a password for sudo in /etc/sudoers:

yourusername ALL=(ALL) NOPASSWD: ALL

If you don't want to do that, you can force them to run the script as root. Add something like this to the top of your shell script:

# $UID is set by bash only; id -u also works under plain /bin/sh
if [ "$(id -u)" -ne 0 ]; then
    echo "You must be root to run this script" >&2
    exit 1
fi

This way, the user can get to be root however they choose (su or sudo).

Lorgnon answered 4/10, 2010 at 15:6 Comment(4)
This script is a kind of installer - I don't run it at my host, but other users run it at their machines. – Gramercy
What about the second part? Exiting early and prompting them to run the script as root. – Lorgnon
That was the code used in older versions. Now I'm trying to get root privileges from the script, so the user doesn't have to restart it. Seems to be a little bit more user-friendly. – Gramercy
@zserge: you might prompt the user - "1: su to root and continue (you need the root password); 2: run the script with sudo (if permissioned); 3: abort installation" – Dairy
J
1

Create one more .sh file, and from this file call your original .sh file like this:

su - oracle /u01/enlightics/Enlightiks/UploadFTP/ExportScript2.sh
Jetport answered 8/6, 2017 at 12:5 Comment(0)
G
0

Check if sudo is installed

SU='su'
which sudo > /dev/null && SU='sudo'
Greaseball answered 4/10, 2010 at 15:14 Comment(5)
A nice way. But: there can be sudo installed on the machine, but the user has no permissions to run this script with sudo. – Gramercy
That does not matter, because then, sudo will fail, without asking for a password, and you can invoke su instead (just observe the outcome of sudo true). – Greaseball
Maybe I'm wrong, but while the user is allowed to run true it's not guaranteed that he can run our script. And, if the user is allowed to run programs with a password, he will be prompted when executing sudo true. I try to avoid unneeded password prompts. – Gramercy
Okay, sudo true was garbage. Make sure your script returns 0 (true) and simply run that with sudo. Then, the user is asked only once, and if he cannot sudo your script, you will know because of the return value so that you can invoke su. – Greaseball
I can't see anything better, but that still involves asking for the user's password then possibly having to ask for the root password afterwards: avoiding that is what the question's about. – Dairy
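
The check-then-fall-back approach discussed in this answer and its comments, as an added POSIX sh example that is not part of any post in the thread: it picks sudo or su, announces which password is about to be requested, and quotes the arguments safely for su -c. The function names pick_method, quote_args and escalate are illustrative.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the thread.

# Decide how to become root: prints "root", "sudo" or "su".
# The uid is a parameter so the decision can be tested without being root.
pick_method() {
    if [ "$1" -eq 0 ]; then
        echo root
    elif command -v sudo >/dev/null 2>&1; then   # POSIX lookup, no `which`
        echo sudo
    else
        echo su
    fi
}

# su takes ONE command string (-c), so every argument must be re-quoted:
# wrap it in single quotes and turn each embedded ' into '\''.
quote_args() {
    out=
    for arg in "$@"; do
        q=$(printf '%s\n' "$arg" | sed "s/'/'\\\\''/g")
        out="$out '$q'"
    done
    printf '%s\n' "${out# }"
}

# Re-run the script as root. Call as: escalate "$0" "$@"
# Says which password is about to be requested before any prompt appears.
escalate() {
    case $(pick_method "$(id -u)") in
        root) return 0 ;;
        sudo) echo "Root needed: sudo will ask for YOUR password." >&2
              exec sudo -- "$@" ;;
        su)   echo "Root needed: su will ask for the ROOT password." >&2
              exec su root -c "$(quote_args "$@")" ;;
    esac
}
```

A user who has sudo installed but no sudoers entry still gets sudo's prompt first, which is the case the comments above could not avoid.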
C
0

While this doesn't fully answer your question, it's worth noting that you can check if the sudo package is installed using the following:

Debian based systems:

dpkg -s sudo

RPM based systems:

rpm -q sudo
Castleman answered 4/10, 2010 at 15:29 Comment(3)
What about gentoo, arch, or slackware users? To my mind, which sudo is a more general way to test if a program is installed. – Gramercy
And for that matter, what about Free/Open/Net BSD, macOS, Illumos, HP/UX, Android, webOS? If you must rely on something, rely on POSIX.1. Certainly not platform-specific packaging tools. – Atavistic
hash somebinary is also a nice way to find a binary, especially if you are going to be calling the binary again as it caches the path for quicker execution, but you might need to redirect all output to /dev/null if you expect a failure and just want the exit code. – Bode
