How to input password when evaluate code block in Emacs org-mode?
Asked Answered
U

2

15

I have a shell code block in Org file. And there's "sudo" command in it. So I should be asked to key in password. But when I evaluate it, it just return error for "sudo" command. Is it there's any way to make the evaluation kind of interactive?

Ugric answered 13/5, 2014 at 2:12 Comment(0)
R
24

Yes, there is, by adding appropriate header arguments to the #+BEGIN_SRC line:

#+BEGIN_SRC sh :dir /sudo::
apt-get update
#+END_SRC

Source: Running a sudo in a #+begin_src sh fails to get tty and askpass on the emacs-orgmode mailing list.

Explanation: The :dir argument

specifies the default directory during code block execution. If it is absent, then the directory associated with the current buffer is used.

By passing /sudo:: as a value to :dir we are making use of TRAMP syntax for accessing files or directories with superuser privileges. Note that in the example above we are not specifying a directory to use after ::. In this case, /root will be used as a default. So essentially, what we are saying to Org Babel is "Access /root as root and use that location as the default directory when executing this code".

You can specify a different directory to use by changing /sudo:: to

/sudo::/path/to/dir

EDIT

If you need some commands in the code block to run without superuser privileges, you can do so by putting

sudo -u <username>

in front of them (replacing <username> with the user name of a regular user). For illustration purposes, let's say your user name is enchanter, and you want any commands in your code block that don't require superuser privileges to be run as your own user. In this case, you would have to prefix each of these commands with

sudo -u enchanter

You can check that this works using whoami (which prints the name of the user that is currently "active"). Add

#+BEGIN_SRC sh :dir /sudo::
whoami
sudo -u enchanter whoami
whoami
#+END_SRC

to your org-mode file and evaluate it. The output will be:

#+RESULTS:
| root       |
| enchanter  |
| root       |

Credits

I am sure there are other posts on StackExchange/The Internet addressing the issue of running commands as a different user, but I stopped looking after I had found these...

Rimola answered 13/5, 2014 at 7:55 Comment(3)
Thanks for you answer. But I think that will make all the command in the block run as sudo. But I only expect some of them run as SUDO. I got another ugly solution for now is use echo "<password>" | sudo -S <command>. I have to put my password in the org file which I don't really like it.Ugric
@Ugric There is a solution for that as well. I've edited my answer to include it. (And yes, storing passwords in plain text is a Bad Idea.Rimola
That's great. it is really opened my mind and try to solve the problem in different way.Ugric
G
8

The answer from @itsjeyd is good when you have most commands to run as SUDO.

But when you only have a small portion commands to run as SUDO, you have to code a lot of sudo -u <username> and you have to pass user name as variable if you want that block can be run by users.

For that case, I have a solution to use echo <password> | sudo -S <your command>

Here is the example:

#+BEGIN_SRC sh :var PASSWORD=(read-passwd "Sudo Password: ")
   # some normal commands here and there

   # run sudo
   echo ${PASSWORD} | sudo -S <your command>

   # more normal commands
#+END_SRC
Guffey answered 28/8, 2015 at 23:52 Comment(2)
IMHO this is really bad idea. In this way you are displaying your root password in process list and any user/app on your computer can get it.Bolo
which makes zero issues for the few seconds on a single user machine.Herriott

© 2022 - 2024 — McMap. All rights reserved.