[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: using SUDO in bash script

On Thu, Feb 05, 2004 at 01:41:43PM +0100, Michael Rauch wrote:
> Rick Weinbender wrote:
> >Adam Aube wrote:
> >
> >
> >>On Wednesday 04 February 2004 03:23 pm, Rick Weinbender wrote:
> >>
> >>>Can I use SUDO within a bash script?
> >>
> >>Absolutely, though be aware that if sudo is set to require a password, you
> >>won't be able to run it in the background.
> >>
> >>By putting NOPASSWD before the command in /etc/sudoers, sudo will not
> >>require a password to run that command.
> >>
> >
> >
> >*****
> >
> >Thanks.
> >I'm new to SUDO, but I found a web clip that seems to be
> >what I'm going for.  Just can't make it work yet.
> >Can I avoid typing sudo before myprogram at the commandline?
> >
> >Clip Below:
> >*****************************************
> >Clipped from article:
> >"The one disadvantage of using sudo is that your users have to
> > remember to run "sudo ..." as part of their command.  However,
> > that's easy to work around by simply creating a wrapper shell
> > script.  This is a normal (non-SUID) shell script that simply does
> > something like:"
> >``
> >#!/bin/sh
> >exec /usr/bin/sudo /some/path/to/our/target/prog "$@"
> >''
> > (execute sudo, on the target program and pass our argument,
> > preserving any quoting as we specified it).
> >*****************************************
> >

This clip is what you want to do.

Save that shell script as the program name to run, for example save it


and give it executable permitions (chmod +x). When you users now run
sudoprog it will run the shell script that will call the program using
sudo. This will still ask for the password if sudo is setup to ask for
a password (very recomended).
Another option which is much less secure is to set the program setuid root
which will make it run as the root even when a normal user runs it (it
actually runs the program as the owner which in this case is root).
you need to make it owned by root and then run chmod 04755 prog. This
will give you no access control though so watch out. (you can also
limit the access a bit using group limitation by doing 
chgrp <prog group> prog and then chmod 04750 prog)
The advantage of sudo is that you can set a per user and per program
access settings.

> >Thanks,
> >-Rick
> instead of writing a shellscript you could also use aliases in the bash
> shell (don't know if it works in other shells though). to have your
> aliases available all the time, you can but them in your .bashrc file in
> your $HOME directory (you will probably already find some aliases
> defined in there).
> example:
> $ alias ls='cd'
> doesn't make much sense, but shows you how it works: ls is now defined
> as an alias for cd. so if you type 'ls /home' bash will actually invoke
> 'cd /home'
> similar you could use:
> $ alias myprogram='sudo myprogram'
> to make bash invoke myprogram with SUDO
> hth
> #!mike
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact 
> listmaster@lists.debian.org
> +++++++++++++++++++++++++++++++++++++++++++
> This Mail Was Scanned By Mail-seCure System
> at the Tel-Aviv University CC.

Reply to: