Sudo will break importing my script - linux

I have a shell script (my.sh) which imports another file (myfile.env). The name of myfile.env is passed as an argument to my.sh. It works well as root and I want the ability to run it to be given for other users via sudo.
myfile.env
some shell scripts........
my.sh
ENVFILE="$1"
if [ -e $ENVFILE ] ; then
. $ENVFILE
fi
I call the my.sh as
sudo /abc/def/my.sh myfile.sh
sudoers file goes as below
Cmnd_Alias MYSUDO = /abc/def/my.sh, /bin/bash
%mygroup ALL = MUSUDO
Unfortunately this results with an error in the 3rd line in the my.sh code above. It says
.: myfile.env: cannot open [No such file or directory]
its funny that i get this error after a check on file exist returned true.
sudo -s and -E options didn't help (don't know whether I used them correctly)
Can someone please help me to resolve this? I am using CeNT OS 6.5

use sudo /abc/def/my.sh /absolute/path/to/myfile.env
If myfile.sh is supposed to be in the same dir as my.sh, then my.sh can do this:
ENVFILE=$(dirname "$0")/"$1"

Finally I was able to get it done. It was setting in the sudoer file to get the directories (the folder in with those files were) into safe path list.
All I had to do was,
run visudo
and append the two dolders (where the files are) into
Defaults secure_path list
That will add those directories into the PATH when a user get elevated rights.
https://askubuntu.com/questions/128413/setting-the-path-so-it-applies-to-all-users-including-root-sudo

Related

Using mkdir in my bash script and getting permission denied

i have script that is owned by root in a directory owned by root. part of the script is to make a directory that will hold the inputs/outputs of that script. i also have a sim link to that script so any user can run it from anywhere. i don't use the temp directory so this info can be used as logs later.
Problem: when a user tries to run the script they get an error that the directory cannot be created because of permission denied.
Questions: why won't the script make the directory so root owns it independent of what user runs it? how can the script make the directory so root owns it instead of the user that ran it? only the script needs this info, not the user.
Additional info:
the directory is: drws--s--x.
the script is: -rwxr-xr-x.
(if you need to know) the line in the script is simply: mkdir $tempdirname
i am matching the permissions of other scripts on the same server that output text files correctly, but since mine is a directory i'm getting permission errors.
i have tried adding the permissions for suid and sgid. suid sounded like the correct solution since it should make the script run as if it were run by the user that owns the script. (why isn't this the correct solution?)
i would like any user to be able to type in the sim link name, that will run the script that is owned by root in the directory that is owned by root, and the directories created by that script will stay in its own directory. and the end user has no knowledge or access to the inner workings of this process. (hence owned by root)
Scripts run as the user that runs them; the owner of the file and/or the directory it's in are irrelevant (except that the user needs read and execute permission to the file and directory). Binary executables can have their setuid bit set to make them always run as the file's owner. Old unixes allowed this for scripts as well but this caused a security hole, so setuid is ignored on scripts in modern unixes/Linuxes.
If you need to let regular users run a script as root, there are a couple of other ways to do this. One is to add the script to your /etc/sudoers file, so that users can use sudo to run it as root. WARNING: if you mess up your /etc/sudoers file, it can be hard to recover access to clean it up and get back to normal. Make a backup first, don't edit it with anything except visudo, and I recommend having a root shell open so if something goes wrong you'll have the root access you need to fix it without having to promote via sudo. The line you'll need to add will be something like this:
%everyone ALL=NOPASSWD: /path/to/script
If you want to make this automatic, so that users don't have to explicitly use sudo to run the script, you can start the script like this:
#!/bin/bash
if [[ $EUID -ne 0 ]];
then
exec sudo "$BASH_SOURCE" "$#"
fi
EDIT: A simpler version occurred to me; rather than having the script re-run itself under sudo, just replace the symlink with a stub script like this:
#!/bin/bash
exec sudo /path/to/real/script "$#"
Note that with this option, the /etc/sudoers entry must refer to the real script's path, not that of the symlink. Also, if the script doesn't take arguments, you can leave the "$#" off. Or use it, it won't do any harm either.
If messing with /etc/sudoers sounds too scary, there's another option: you could "compile" the script with shc (which actually just makes a binary executable wrapper around it), and make that setuid root (chmod 4755 /path/to/compiled-script; chown root /path/to/compiled-script). Since it's in a binary wrapper, setuid will work.

How do you run bash script as a command?

I have a bash script, which I use for configuration of different parameters in text files in my wireless access media server.
The script is located in one directory, and because I do all of configurations using putty, I have to either use the full path of the file or move to the directory that contains the file. I would like to avoid this.
Is it possible to save the bash script in or edit the bash script so that I can run it as command, for example as cp or ls commands?
The script needs to be executable, with:
chmod +x scriptname
(or similar).
Also, you want the script to be located in a directory that is in your PATH.
To see your PATH use:
echo $PATH
Your choices are: to move (or link) the file into one of those directories, or to add the directory it is in to your PATH.
You can add a directory to your PATH with:
PATH=$PATH:/name/of/my/directory
and if you do this in the file $HOME/.bashrc it will happen for each of your shell's automatically.
You can place a softlink to the script under /usr/local/bin (Should be in $PATH like John said)
ln -s /path/to/script /usr/local/bin/scriptname
This should do the trick.
You can write a minimal wrapper in your home directory:
#!/bin/bash
exec /yourpath/yourfile.extension
And run your child script with this command ./NameOfYourScript
update: Unix hawks will probably say the first solution is a no-brainer because of the additional admin work it will load on you. Agreed, but on your requirements, my solution works :)
Otherwise, you can use an alias; you will have to amend your .bashrc
alias menu='bash /yourpath/menuScript.sh'
Another way is to run it with:
/bin/bash /path/to/script
Then the file doesn't need to be executable.

ssh not working correctly with sudo

Good morning everyone! I have a bash script starting automatically when the system boots via the .profile file in the users home directory:
sudo menu.sh
The script starts just as expected however, when calling things like ssh UN#ADDRESS inside the script, the known_hosts file gets placed in the /root/.ssh directory instead of the user account calling the script! I have tried modifying .profile to call 'sudo -E menu.sh' and 'sudo -H menu.sh', but both fail to have the known_hosts file created in the users home directory that's calling the script. My /etc/sudoers is as follows:
# Declarations
Defaults env_keep += "HOME USER"
# User privilege specification
root ALL=(ALL) ALL
user ALL=NOPASSWD: ALL
Any help would be appreciated!
Thanks
Dave
UPDATE: so what I did as a work around is go through the script and add 'sudo -u $USER' before specific calls (since sudo is supposed to keep the $USER env var). This to me seems like a very bad way of resolving this problem. It sudo is supposed to keep the USER and HOME directory variables upon launching menu.sh, why would I need to explicitly call sudo once again as a specific user in order to retain that information (even though sudo is being told to keep it via the /etc/sudoers file). No clue, but wanted to update this post for anyone that comes across it until a better solution can be found.
Regarding OpenSSH, the default location for known_hosts is ~/.ssh/known_hosts. Ssh doesn't honor $HOME when expanding a "~" in a filename. It looks up the user's actual home directory and uses that. When you run ssh as root, it's going to interpret that pathname relative to root's home directory no matter what you've set HOME to.
You could try setting the ssh parameter UserKnownHostsFile to the name of the file you'd like to use:
ssh -o UserKnownHostsFile=$HOME/.ssh/known_hosts user#host...
However, you should test this. Ssh might complain about using a file that belongs to another user, and if it has to update the file then the file might end up being owned by root.
Really, you're best off running ssh as the user whose .ssh folder you want ssh to use. Running processes through sudo creates a risk that the user can find a way to do things you didn't intend for them to do. You should limit that risk by using the elevated privileges as little as possible.

Add a bash script to path

I want to add a small script to the linux PATH so I don't have to actually run it where it's physically placed on disk.
The script is quite simple is about giving apt-get access through a proxy I made it like this:
#!/bin/bash
array=( $# )
len=${#array[#]}
_args=${array[#]:1:$len}
sudo http_proxy="http://user:password#server:port" apt-get $_args
Then I saved this as apt-proxy.sh, set it to +x (chmod) and everything is working fine when I am in the directory where this file is placed.
My question is : how to add this apt-proxy to PATH so I can actually call it as if it where the real apt-get ? [from anywhere]
Looking for command line only solutions, if you know how to do by GUI its nice, but not what I am looking for.
Try this:
Save the script as apt-proxy (without the .sh extension) in some directory, like ~/bin.
Add ~/bin to your PATH, typing export PATH=$PATH:~/bin
If you need it permanently, add that last line in your ~/.bashrc. If you're using zsh, then add it to ~/.zshrc instead.
Then you can just run apt-proxy with your arguments and it will run anywhere.
Note that if you export the PATH variable in a specific window it won't update in other bash instances.
You want to define that directory to the path variable, not the actual binary e.g.
PATH=$MYDIR:$PATH
where MYDIR is defined as the directory containing your binary e.g.
PATH=/Users/username/bin:$PATH
You should put this in your startup script e.g. .bashrc such that it runs each time a shell process is invoked.
Note that order is important, and the PATH is evaluated such that if a script matching your name is found in an earlier entry in the path variable, then that's the one you'll execute. So you could name your script as apt-get and put it earlier in the path. I wouldn't do that since it's confusing. You may want to investigate shell aliases instead.
I note also that you say it works fine from your current directory. If by that you mean you have the current directory in your path (.) then that's a potential security risk. Someone could put some trojan variant of a common utility (e.g. ls) in a directory, then get you to cd to that directory and run it inadvertently.
As a final step, after following the solution form proposed by #jlhonora (https://stackoverflow.com/a/20054809/6311511), change the permissions of the files in the folder "~/bin". You can use this:
chmod -R 755 ~/bin
make an alias to the executable into the ~/.bash_profile file and then use it from anywhere or you can source the directory containing the executables you need run from anywhere and that will do the trick for you.
adding to #jlhonora
your changes in ~./bashrc or ~./zshrc won't reflect until you do
source ~./zshrc or source ./bashrc , or restart your pc

command not found in bash-3.2$

I tried running a script file using bash but it showed an error
bash-3.2$ example.sh : command not found
I also tried
ls -l example.sh
I found that it was not executable, so I used
sudo chmod 777 example.sh
I again tried running it but same error was coming. I double checked that I am in the same folder as the file using ls. But still I am not able to execute the script file.
I finally tried making a dummy script file and running it , and found the same error
I think there is some problem with BASH. Can some one help me with what is the problem?
I am working on redhat, bash was already installed in my system
Since I am newbie on linux any help would be appreciated
bash search for commands in your $PATH. Apparently the current directory, ., is not in your $PATH. (This is a good thing; having . in your $PATH is insecure.)
You'll need to specify a directory name. Just type:
./example.sh
Incidentally, doing:
sudo chmod 777 example.sh
is two kinds of overkill. First, you don't need to use sudo; use sudo only when you actually need to. Presumably your personal account owns the file, so you can just use chmod directly.
Second, 777 is way too permissive. It allows anyone on the system to read, execute, or modify example.sh. (If you're the only person on the system it may not matter much, but it's still a bad habit.) Typically you should use 755 for directories and for files that need to be executable, and 644 for files that don't need to be executable.
Or just use
chmod +x example.sh
to set execute permission (your umask will prevent that from setting the permissions too loosely).
. (the current directory) is probably not on your path. Try ./example.sh or bash example.sh. You could also add . to your PATH environment variable, but that's generally frowned upon.
Your bash PATH probably doesn't include ., try running it by typing:
./example.sh
When you type a command, your shell searches your path to try to find the command, if the current directory (e.g. .) isn't part of the path, the script that you are trying to run won't be found. You'd have to explicitly give it the path to where this command is. And since it's in your current directory, you can just add ./ in front of the command.
first confirm the bash path
to check the path of bash use:
which bash
if you get "/bin/bash"
then add
#!/bin/bash
...
...
or whatever is the path on first line of your bash script

Resources