I have a bash script that must be run by the root user, however, I would like that script to force the user to exit root automatically. I know you exit root by typing 'exit' into the command line, but putting that into the bash script will just exit the script. Help is appreciated!
You can try to use the suggestion given by William
$sudo ./your.sh
You can also use sudo -v at the start of your script to ask for the sudo password.
And sudo -k at the end to clear the cache.
Simply stick something like this to the beginning of your script:
if [ "$(whoami)" == root ]; then
echo "ERROR: root cannot run this script"
exit 1
fi
That will enforce that you can run the script only as a regular user and when the script exits you will be the regular user again. Then put a sudo in front of every command that in the script that does need root permission. With caching sudo credentials the user of your script needs to enter his/her pwd only once.
Related
I always want to run a script as user1, but the code flow always runs it as root. So, I want to check the current user inside the script. If it is root, I want to run the rest of the script as user1.
I want to do something similar to this. But only difference is I need to run the script as a particular user (say user1). So, when I find that the current user is not user1, I do not want to exit but want to run rest of the shell script as user1.
How can I achieve this?
Thanks #User123. But I was facing some issues with that solution as there are many functions and variables in the script. Not sure what the problem exactly is. But, this worked for me now:
if [ $USER == <undesired user> ]; then
echo Current user is $USER. Running the script as <desired user>
su -c 'sh <script.sh>' <desired user>
else
echo Current user is $USER
...
<rest of the script>
...
fi
I have the following bash script to restart the network manager in Debian. The script works as is it should, but not as I would like it to. When the script asks for the sudo password I am able to pass it along using echo, but it displays the password in terminal while the script executes, making it less asthetically pleasing than I would like. Is there anyway to have the script enter the password, but not display the password text while the script calls for the sudo password?
I have tried as many suggestions on Stack Overflow as i could find, well as Stack Exchange before submitting this question.
Script is as follows:
#!/bin/bash
clear
echo "Restarting service Network Manager"
echo""
sleep 1
echo -e "\033[0;31m......................................\033[0m"
echo -e "\033[0;31m......................................\033[0m"
sleep 1
echo""
sudo service network-manager restart
sleep 2
echo <Password>
sleep 2
echo "Service Network Manager Restarted"
sleep 1
echo ""
echo "Relinquishing control of terminal to user..."
sleep 7
clear
Remove the echo <Password> line? I am pretty sure it does nothing other than display the password, as sudo apparently (through an appropriate entry in /etc/sudoers) works without you having to give a password. (What you write to terminal with echo does not get passed to any other process.)
Generally speaking, you can use sudo -S to make sudo expect the password on stdin. But also generally speaking, if you have to hardcode a password in a script, you're doing it wrong in some way.
Is there anyway to have the script enter the password
Putting password in script is not a good idea. First, from security point of view, password may be recovered from script from anyone with access to script. Second, from maintenance view, once you change your password, scripts suddenly stop working and you have to update them all.
Fortunately, as you are already using sudo there is better solution. You can configure sudo to allow running certain command without password, by using NOPASSWD rule in /etc/sudoers.
myuser ALL=(ALL) NOPASSWD: service network-manager restart
See:
How do I run specific sudo commands without a password?
How to run a specific program as root without a password prompt?
Warning: Always edit /etc/sudoers with visudo, never directly. It prevents you from breaking /etc/sudoers. Once you break your /etc/sudoers, you won't be able to use sudo, including using sudo to fix /etc/sudoers.
try this /bin/echo -e "password\n" | sudo apt-get update
or see this Use sudo with password as parameter
Why the output file from this is owned by root and not w3svcsadm?
sudo -u w3svcsadm echo "TEST ran" > /home/your/emaildigest/TEST_$( date +%Y%m%d%H%M%S ).output
I'm running into some issues with cron, and I believe this is the key to my problems.
Using the -u flag with sudo executes the command 'echo "TEST ran"' as the user w3svcasadm, but that command isn't the thing doing the work of outputting to a file, which is done by the '>' operator. By the time bash is using that operator, it's already switched back to the user running the shell. If that user is root, then the file will be created under root. In your script, you could use "su w3svcsadm" to switch the shell user before executing that command, then you wouldn't have to use that -u flag at all.
I want to send an email when the system is going to shutdown to an email ID. I have CentOS 6.4. Below is my Script.
cat /ect/init.d/sendshtmail
#!/bin/bash
EMAIL="example#example.com"
SHUTDOWNSUBJECT="["`hostname`"] - System Shutdown"
SHUTDOWNBODY="This is an automated message to notify you that "`hostname`" is shutting down.
LOCKFILE=/var/lock/subsys/SystemEmail
echo "${SHUTDOWNBODY}" | mutt -s "${SHUTDOWNSUBJECT}" ${EMAIL}
It has the appropriate permission. While running it manually it's working perfectly. I have just symlinked it to /etc/rc0.d/ folder. By issuing below command.
ln -s /etc/init.d/sendshtmail /etc/rc0.d/K00sendshtmail
But the script is not sending any email during shutdown. Thanks in Advance.
Place your shell script in /etc/init.d with executable permission and symlink name should start with K##. If you want to execute your script at first place immediately after shut down then name it with K00scriptname. Script started will K will be executed first based on ascending order then script with S.
ln -s /etc/init.d/script /etc/rc0.d/K00scriptname
Shutdown command will send the stop signal to script, your script (K00scriptname) should have stop function like example
stop()
{
echo "executing scriptname"
"Your script logic"
}
case "$1" in
stop)
stop
;;
esac
Most important, K00scriptname will execute only if there would be lock file present in /var/lock/subsys folder, so do "touch /var/lock/subsys/scriptname" then check by doing shutdown.
Try to set executable permissions for your script. Sometimes you need to do that to activate it.
chmod 755 /etc/init.d/sendshtmail
Also try to use absolute paths for your command, while quoting the other variable as well.
echo "${SHUTDOWNBODY}" | /usr/bin/mutt -s "${SHUTDOWNSUBJECT}" "${EMAIL}"
Another attempt is to switch your user to your current user e.g.
echo "${SHUTDOWNBODY}" | su -l -c "/usr/bin/mutt -s \"${SHUTDOWNSUBJECT}\" \"${EMAIL}\"" yourusername
ln -s /etc/init.d/sendshtmail /etc/rc0.d/S01sendshtmail
The symlink name should begin with a S - for Start (K for Kill)
The two-digit specifies the order of execution for your script, the lowest numbered being execute first.
In Linux how can I enter the password for one of the commands in a chain of commands which requires a sudo. One example which I can think of is when after running a long compile job, I want to shutdown the machine.
make ; sudo init 0
I want the shutdown command to run only after make finishes, but would like to enter the password right away, because I won't be there when the first command is done. Also, I don't want to run "make" with super user privileges. So switching to root and running the commands is also out of the question.
Thanks!
sudo sh -c "su -c 'make' $USER && init 0"
Change your uid early and often. That's the Chicago way!
You can run sudo -v to update the sudo timestamp - this means you won't need to enter a password for x minutes (default is 5). You can change the timeout by editing the timestamp_timeout in the sudoers file.
You also might want to change your command to
make && sudo init 0
which will only shut down if make completes successfully.
One possibility is to use Expect
to automate the password input.
Here's a simple HOW-TO for expect and passwords: http://www.linux.com/archive/feed/56066
Another possibility is to edit your /etc/sudoers and set your user to be able to use sudo without password. if you check the file it will be explained in the comments there.
Why not pipe the password into sudo?
make; echo 'password' | sudo -S init 0
Change the timeout for sudo to something long enough to cover your usage, then run something like sudo echo to authenticate, then run your other commands. As long as the password timeout hasn't been reached, it should execute without asking again.
You can add that to your sudoers file
username ALL = NOPASSWD: /sbin/init
where username is the username you want to allow.