Is there any possibility to perform graceful restart and check apache config syntax without being root or having root privileges?
I have already tried to set suid bit to the script which performs restart. Here is the script itself:
#!/bin/bash
FILENAME=$1
DATE=`date +%Y%m%d`
DIRECTORY='bckp/'
if [ ! -d "$DIRECTORY" ]; then
echo "Backup directory doesn't exist. Creating one."
mkdir $DIRECTORY
fi
if [ -z "$FILENAME" -a ! -f "$FILENAME" ]; then
FILENAME="webdav.conf"
echo "No file specified. Backing up webdav.conf"
fi
REV=0
BACKUP="$FILENAME.$DATE.$REV"
while [ -f $BACKUP ]; do
let REV+=1
BACKUP="$DIRECTORY$FILENAME.$DATE.$REV"
done
cp $FILENAME $BACKUP
echo $OUTPUT
OUTPUT=$(apache2ctl configtest 2>&1)
if [ "$OUTPUT" == "Syntax OK" ]; then
echo "Syntax OK"
echo "Performing restart"
apachectl -k graceful 2>&1
fi
exit $?
here is the ls -l for this file:
-rwsrwxr-x 1 root user 645 2012-04-26 18:05 graceful-restart
When i try to run this script i get the following output:
No file specified. Backing up webdav.conf
ulimit: 88: error setting limit (Operation not permitted) Syntax OK
I'm interested if it is possible to perform what i've described.
Linux will not honor the suid bit on a shell script. Read this for more information.
A common solution for this is the sudo command. With an entry like this in /etc/sudoers:
yourname ALL = NOPASSWD:/path/to/graceful-restart
You could run:
sudo /path/to/graceful-restart
And this would run with root privileges without prompting you for a password. See the sudoers man page for more information on the syntax of the sudoers file.
Related
We give the upmost permission to a file or directory, using this command:
sudo chmod -R 777 directory
Now I want to know if this command is already executed for a given directory.
I know I can use -r for read, -w for write, and -x for execution, in [ test ] blocks.
But I want to know two things:
Is it also a directory?
Does it have those permissions for everyone?
How can I get that info?
Update
Based on #Barmar comment, I came up with this. But it's not working:
if [ stat /Temp | grep -oP "(?<=Access: \()[^)]*" == '' ]; then
echo '/Temp folder has full access'
else
sudo chmod -R 777 /Temp
fi
This command works though:
stat /Temp | grep -oP "(?<=Access: \()[^)]*"
# prints => 0777/drwxrwxrwx
How should I fix the syntax error of my if-else statement?
You don't need to process the output of stat with grep; you can ask stat to only produce the specific information you want. See the man page regarding the --format option. We can for example write:
# ask stat for the file type and mode, and put those values into $1
# and $2
set -- $(stat --format '%F %a' /Temp)
if [[ $1 == directory ]]; then
if [[ $2 == 777 ]]; then
echo "/Temp folder has full access"
else
sudo chmod -R 777 /Temp
fi
else
echo "ERROR: /Temp is not a directory!" >&2
fi
A simple example:
#!/bin/bash
function setfullperm(){
[ -d $1 ] && \
(
[ "$(stat --format '%a' $1)" == "777" ] && \
echo "Full permissions are applied." || \
( echo "Setting full permissions" && sudo chmod -R 777 $1 )
) || \
( echo "$1 is not a directory !" && mkdir $1 && setfullperm $1 )
}
export setfullperm
Source the script:
$ source example.sh
Set full permissions (777) on any directory, it tests if the directory exists in the first place, if not it will create it and set the permissions.
It will export the function setfullperm to the shell so you can run it:
>$ setfullperm ali
ali is not a directory !
mkdir: created directory 'ali'
Setting full permissions
>$ setfullperm ali
Full permissions are applied.
If using zsh (But not other shells), you can do it with just a glob pattern:
setopt extended_glob null_glob
if [[ -n /Temp(#q/f777) ]]; then
echo '/Temp folder has full access'
else
sudo chmod -R 777 /Temp
fi
The pattern /Temp(#q/f777) will, with the null_glob and extended_glob options set, expand to an empty string if /Temp is anything but a directory with the exact octal permissions 0777 (And to /Temp if the criteria are met). For more details, see Glob Qualifiers in the zsh manual.
I don't recommend using stat for this. Though widespread, stat isn't POSIX, which means there's no guarantee that your script will work in the future or work on other platforms. If you're writing scripts for a production environment, I'd urge you to consider a different approach.
You're better off using ls(1)'s -l option and passing the file as an argument. From there you can use cut(1)'s -c option to grab the file mode flags.
Get file type:
ls -l <file> | cut -c1
Also, don't forget about test's -d operator, which tests if a file is a directory.
Get owner permissions:
ls -l <file> | cut -c2-4
and so on.
This approach is POSIX compliant and it avoids the shortcomings of using stat.
I'm new to Ubuntu and bash scripts, but I just made runUpdates.sh and added this to my .profile to run it:
if [ -f "$HOME/bin/runUpdates.sh" ]; then
. "$HOME/bin/runUpdates.sh"
fi
The problem I'm having is, I want the script to run as if root is running it (because I don't want to type my sudo password)
I found a few places that I should be able to do sudo chown root.root <my script> and sudo chmod 4755 <my script> and when I run it, it should run as root. But it's not...
The script looks good to me. What am I missing? -rwxr-xr-x 1 root root 851 Mar 23 21:14 runUpdates.sh*
Can you please help me run the commands in this script as root? I don't really want to change the sudors file, I really just want to run the commands in this script at root (if possible).
#!/bin/sh
echo "user is ${USER}"
#check for updates
update=`cat /var/lib/update-notifier/updates-available | head -c 2 | tail -c 1`;
if [ "$update" = "0" ]; then
echo -e "No updates found.\n";
else
read -p "Do you wish to install updates? [yN] " yn
if [ "$yn" != "y" ] && [ "$yn" != "Y" ]; then
echo -e 'No\n';
else
echo "Please wait...";
echo `sudo apt-get update`;
echo `sudo apt-get upgrade`;
echo `sudo apt-get dist-upgrade`;
echo -e "Done!\n";
fi
fi
#check for restart
restartFile=`/usr/lib/update-notifier/update-motd-reboot-required`;
if [ ! -z "$restartFile" ]; then
echo "$restartFile";
read -p "Do you wish to REBOOT? [yN] " yn
if [ "$yn" != "y" ] && [ "$yn" != "Y" ]; then
echo -e 'No\n';
else
echo `sudo shutdown -r now`;
fi
fi
I added the user is to debug, it always outputs my user not root, and prompts for the sudo password (since I'm calling the commands with sudo) or tells me are you root? (if I remove sudo)
Also, is there a way to output the update commands stdout in real time, not just one block when they finish?
(I also tried with the shebang as #!/bin/bash)
setuid does not work on shell scripts for security reasons. If you want to run a script as root without a password, you can edit /etc/sudoers to allow it to be run with sudo without a password.
To "update in real time", you would run the command directly instead of using echo.
Its not safe to do, you should probably use sudoers but if you really need/want to, you can do it with something like this:
echo <root password> | sudo -S echo -n 2>/dev/random 1>/dev/random
sudo <command>
This works because sudo doesn't require a password for a brief window after successfully being used.
SUID root scripts were phased out many years ago if you really want to run scripts as root you need to wrap them in an executable, you can see an example on how to do this on my blog:
http://scriptsandoneliners.blogspot.com/2015/01/sanitizing-dangerous-yet-useful-commands.html
The example is how to change executable permissions and place a filter around other executables using a shell script but the concept of wrapping a shell script works for SUID as well, the resulting executable file from the shell script can be made SUID.
https://help.ubuntu.com/community/Sudoers
I've created a simple bash script that creates a hybrid iso. But when I try to run it, I get the output:
hybridiso.sh: line 58: syntax error: unexpected end of file.
I've checked the script and tried to makes changes to it but I still get the same output. What's wrong with the script?
#!/bin/bash
##Sanity Cheks##
if [ "$(whoami)" != root ]; then
echo "You must be root to execute this script."
fi
if [ ! -x /usr/bin/xorriso ]; then
echo "xorriso is not installed. Run 'apt-get install xorriso' to install it."
exit 1
fi
if [ ! -x /usr/bin/live-build ]; then
echo "live-build is not installed. Run 'apt-get install live-build' to install it."
exit 1
fi
if [ ! -x /usr/bin/syslinux ]; then
echo "syslinux is not insatlled. Run 'apt-get install syslinux' to install it."
exit 1
fi
if [ ! -x /usr/bin/mksquashfs ]; then
echo "squashfs-tools is not installed. Run 'apt-get install squashfs-tools' to install it."
exit 1
fi
###############
mkdir $PWD/hybridiso
cd hybridiso
mkdir -p binary/live && mkdir -p binary/isolinux
read -e -p "Enter local file path for linux kernel " kernel
read -e -p "Enter local file path for initrd " initrd
cp $kernel binary/live/ && cp $initrd binary/live/
#mksquashfs chroot binary/live/filesystem.squashfs -comp xz -e boot
cp /usr/lib/syslinux/isolinux.bin binary/isolinux/
cp /usr/lib/syslinux/menu.c32 binary/isolinux/
while true; do
read -p "Do you have an isolinux.cfg? " resp
if [ $resp -eq no ]; then
echo "You need to create a valid isolinux.cfg file!"
echo "Creating example file $PWD/isolinux.cfg.example"
echo -e "ui menu.c32\nprompt 0\nmenu title Boot Menu\ntimeout 300\n\n\nlabel live-amd64\n menu label ^Live (amd64)\n menu default\n linux /live/linux\n append initrd=/live/initrd.gz boot=live persistence quiet\n\n\nlabel live-amd64-failsafe\n menu label ^Live (amd64 failsafe)\nlinux /live/linux\nappend initrd=/live/initrd.gz boot=live persistence config memtest noapic noapm nodma nomce nolapic nomodest nosmp nosplash vga=normal\n\n\nendtext" >> isolinux.cfg.example
exit 1
elif [ $resp -eq yes ]; then
break
else
"Put only in yes or no"
fi
read -e -p "Enter local file path for isolinux.cfg" isolinux
cp $isolinux binary/isolinux/
xorriso -as mkisofs -r -J -joliet-long -l -cache-inodes -isohybrid-mbr /usr/lib/syslinux/isohdpfx.bin -partition_offset 16 -A "Debian Live" -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o kiosk.iso binary
echo "Script is succesfull!"
exit 0
You haven't terminated the while loop with done anywhere; Add done at the appropriate location.
I've got a redirect dilemma that I can't get past in a bash backup script I'm developing in CentOS 6.4. I want to redirect all output to two separate files: one tmp and one permanent. The script loops through an external source list and I'd like for the tmp log files to be specific to the source, so that I can send an email if that specific source had errors containing that log (and conversely remove the tmp if the backup completes without error).
I'm using exec to tee my output:
exec > >(tee -a ${templog} /var/log/rob/rob.log) 2>&1
This works if I place at the top of the script, but here the variable isn't defined yet, so I can't do source-specific logs.
If I place this within the while loop, it grabs the variable, but writes a copy of each line determined by the total iterations of the loop; for the example below, I have four sources it iterates through, so I get output for each source in quadruplicate:
-S-07/11/14 09:15:35 ROB-Source Process for cc2-gamma has started-S-
-S-07/11/14 09:15:35 ROB-Source Process for cc2-gamma has started-S-
-S-07/11/14 09:15:35 ROB-Source Process for cc2-gamma has started-S-
-S-07/11/14 09:15:35 ROB-Source Process for cc2-gamma has started-S-
Share cc2-gamma is not Mounted. Try 1 of 5 to mount...
Share cc2-gamma is not Mounted. Try 1 of 5 to mount...
Share cc2-gamma is not Mounted. Try 1 of 5 to mount...
Share cc2-gamma is not Mounted. Try 1 of 5 to mount...
Is there a different way to tee the output within the loop to prevent this (without touching each line of course)? Or is there something rotten in my loops that I'm not seeing? Here's the whole script. Please excuse the mess and style.. I'm clearly not finished. I didn't include the config.conf and backup source file as they don't affect the output. Let me know if needed. Thanks.
#!/bin/bash
#V.2014.0723 - Radation Oncology Backup script
#declarations
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/rob
source /rob/conf/config.conf
while read smbdir 'smbpath' exclfile drive foldername; do
#loop declarations
mountedfile=/rob/${smbdir}.MOUNTED
runningfile=/rob/${smbdir}.RUNNING
lastrunfile=/rob/${smbdir}_${foldername}.LASTRUN
templog=/rob/${smbdir}_${foldername}.TMPLOG
errorfile=/rob/${smbdir}_${foldername}.HAD_ERRORS
backupfile=/rob/${baname:0:3}_rtbackup.sql.bz2 # for the -l seccton below -- sql backup of backup.sql
#exec > >(tee -a ${templog} /var/log/rob/rob.log) 2>&1
### SOURCE BACKUP ##############################################################################################
if [ "$1" == "-s" ]
then
exec > >(tee -a /var/log/rob/rob.log ${templog}) 2>&1
#Write Source STDOUT and STDERR to both permanent and temporary log file. Must be in loop to use variables.
#exec > >(tee -a ${templog} /var/log/rob/rob.log) 2>&1
#exec > >(tee -a /var/log/rob.log ${templog}) 2>
if [ "${sources_active}" == "1" ]
then
echo "-S-$(date "+%m/%d/%y %T") ROB-Source Process for $smbdir has started-S-"
# unmount all cifs shares, due to duplicate mounts, write file to prevent concurrentcy
umount -a -t cifs > /dev/null
# The following will test to see if the souce is mounted, and if not, mount it.
for i in {1..5}
do
if mountpoint -q /mnt/${smbdir}/${drive}/${foldername}
then
echo "Share ${smbdir} is Mounted."
touch $mountedfile
break
else
sleep 2
echo "Share ${smbdir} is not Mounted. Try $i of 5 to mount..."
mkdir -p /mnt/${smbdir}/${drive}/${foldername} > /dev/null
mount -t cifs ${smbpath} -o ro,username=<USER>,password=<PW>,workgroup=<DOMAIN> /mnt/${smbdir}/${drive}/${foldername}
fi
done
# Test to see if above was successful, and if rob is not already running, run the backup.
if [[ -f ${mountedfile}&& ! -f ${runningfile} ]]
then
src="/mnt/${smbdir}/$drive"
dst="/backup/rob/"
touch ${runningfile}
/root/bin/rtbackup -m /mnt -p ${src}/${foldername} -b ${dst} -x #${exclfile}
if [ "$?" -ne "0" ]; then
#Errors Running RTBackup
rm -f ${runningfile} > /dev/null 2>&1
rm -f ${mountedfile}> /dev/null 2>&1
echo "$(date "+%m/%d/%y %T") Source Process for ${smbdir} had errors running:-SSS"
echo "$errors" >&2
touch ${errorfile}
exit 1
else
echo "What the hell is this doing?"
fi
#NO Errors Running RTBACKUP
rm -f ${templog}
rm -f ${runningfile} > /dev/null 2>&1
rm -f ${mountedfile} > /dev/null 2>&1
echo "$(date "+%m/%d/%y %T") Source Process for ${smbdir} did not have any errors"
else
#backup will *NOT* run, cleaning up and logging
rm -f ${mountedfile} > /dev/null 2>&1
echo "$(date "+%m/%d/%y %T") ${smbdir} could not be mounted, or is already in progress. Backup could not complete."
touch ${errorfile}
tail /var/log/rob/robso.log | mail -s "ROBSO Failed to run for ${smbdir} on ${baname}" ${email}
fi
echo "-F-$(date "+%m/%d/%y %T") ROB-Source Process for ${smbdir} has finished-F-"
#break
elif [[ "${sources_active}" == "0" ]]
then
echo "***$(date "+%m/%d/%y %T") ROB-Source Process for ${smbdir} did not run because the job is not set as active***"
#break
fi
done < /rob/conf/${baname}.conf
if [ $? -eq 10 ]; then exit 0; fi
You can use curly braces to redirect a set of commands; as it says in the bash manual about command grouping, "When commands are grouped, redirections may be applied to the entire command list". It behaves more-or-less like an anonymous function.
{
command1
command2
} > >(tee -a ${templog} /var/log/rob/rob.log) 2>&1
You can do the same with a named function, too, if you're so inclined, but I don't know offhand what environment would be used to expand the redirections. (If you do, please edit this answer!)
# Untested. This MIGHT work.
your_log_command() {
command1
command2
} > >(tee -a $1 /var/log/rob/rob.log) 2>&1
your_log_command $templog
your_log_command $something_else
I'm just newbie to Linux Shell Scripting. What i need to know is, normally in the command line, we simply use:
# ls /var/log
audit ConsoleKit cups maillog messages ntpstats secure-20130616 spooler-20130623 vsftpd.log-20130616
boot.log cron dmesg maillog-20130616 messages-20130616 prelink secure-20130623 spooler-20130701 vsftpd.log-20130623
... . . . ..
Then
# ls /var/aaaaaaaaaaaaaaa
ls: cannot access /var/aaaaaaaaaaaaaaa: No such file or directory
So with the Shell Script:
How can i run the command: # ls /var/aaaaaaaaa
and then detect if there is the output string ls: cannot access or not?
Note: You may ask me whether i want to detect just the Failure. Or the output string. I'm very keen to know the both way. Thank you.
To check for a directory:
if [ ! -d '/var/aaaaaaa' ]; then
echo 'no dir!'
fi
For file:
if [ ! -f '/var/aaaaaaa' ]; then
echo 'no file!'
fi
To check output:
if ls '/var/aaaaaaa' 2>&1 | grep 'No such'; then
echo 'no such';
fi
To check when ls fails:
if ! ls '/var/aaaaaaa' &> /dev/null; then
echo 'failed'
fi