Running a file as nonroot from a root bash script - linux

Okay, I currently use an eggdrop IRC bot on my server. I want to make a bash script to start it up as well as a few other scripts at the same time. All that's left is to make it start, but it won't run as root.
However, I also need to be in the current directory of the file to run it, or it displays an error.
For example:
/home/eggdrop/eggdropbot/eggdrop will display an error, so to run it I need to
cd /home/eggdrop/eggdropbot and then ./eggdrop
So I can't just use "sudo -u eggdrop /home/eggdrop/eggdropbot/eggdrop" and as you probably know, sudo won't cd, either, since that would be pointless.
Any suggestions?

Why not just cd first and then sudo -u ./eggdrop .?

What about doing the cd, and, only then, launch the command with sudo ?
I suppose something like this should do the trick :
cd /home/eggdrop/eggdropbot && sudo -u eggdrop ./eggdrop

You can cd to the directory as the root user and then use sudo -u to invoke the program from the working directory.

Related

How to create a custom bash command in linux

The question is about bash shell commands in ubuntu 10.04.
I have created a simple addition program in c and it works fine in my terminal.
Now I want to make this program to execute into my terminal as a command.
How can I convert a C program into a bash shell command?
How to make that command an system command like others?
yout just have to change it's owner & group root following commands
sudo chown root "file_name"
sudo chgrp root "file_name"
then give this command to change the permissions
sudo chmod 755 "file_name"
and place it in /bin with this command
sudo mv "file_name" /bin
now u can run it as a normal command.
You run your code by ./compiled-c-program
If you like to run like the other "system" program you need to add a static link to your program to one of the folder from your $PATH variable e.g.:
ln -s ~/bin/c-compiled-c-program path/to/the/program/compiled-c-program
Good luck!
I guess you want this C program to be executed by any user, as a system command. If this is your requirement, then you can add an execute permission to everyone by chmod +x <program name> and then add the program absolute path in the system define PATH environment variable.

Use sudo without password INSIDE a script

For some reason I need, as user, to run without sudo a script script.sh which needs root privileges to work.
I saw as the only solution to put sudo INSIDE script.sh. Let's take an example :
script.sh :
#!/bin/sh
sudo apt-get update
Of course, if I execute this script, I get a prompt asking me for a password. Then I added to my sudoers file (at the end to override everything else) :
user ALL=(ALL:ALL) NOPASSWD:/path/to/script.sh
By the way, I also tried the line :
user ALL=(ALL) NOPASSWD:/path/to/script.sh
(I think I didn't fully understand the difference)
But this doesn't solve my problem if I don't use sudo to execute this script :
# ./script.sh
[sudo] password for user:
# sudo ./script.sh
Starts updating...
Well, so I say to myself "Ok, that means that if I have a file refered in sudoers as I did, it will work without prompt only if I call him with sudo, what is not what I want".
So, ok, I create another script script2.sh as following :
script2.sh
#!/bin/sh
sudo /path/to/script.sh
In fact it works. But I am not truly satisfied of this solution, particularly by the fact that I have to use 2 scripts for every command.
This post is then for helping people having this problem and searching for the same solution (I didn't find a good post on it), and perhaps have better solutions coming from you guys.
Feel free to share your ideas !
EDIT 1 :
I want to insist on the fact that this "apt-get update" was just an example FAR from whhat my script actually is. My script has a lot of commands (with some cd to root-access-only config files), and the solution can't be "Well, just do it directly with apt-get".
The principle of an example is to help the understanding, not to be excuse to simplify the answer of the general problem.
From my blog: IDMRockstar.com:
The kicker is that sometimes, I need to run commands as root. Here's the quick and dirty way I accomplish that without divulging the passwords:
#! /bin/bash
read -s -p "Enter Password for sudo: " sudoPW
echo $sudoPW | sudo -S yum update
This way the user is prompted for the password (and hidden from terminal) and then passed into commands as needed, so I'm not running the entire script as root =)
If you have a better, way, I'd love to hear it! I'm not a shell scripting expert by any means.
Cheers!
.: Adam
If you want to run sudo /usr/bin/apt-get update without a password, you need to have the sudoers entry:
user ALL=(ALL:ALL) NOPASSWD:/usr/bin/apt-get update
For the larger issue of the script as a whole, there are two possible approaches:
Approach 1
For each command in the script that needs sudo, create a line in sudoers specifically for that command. In this case, the script can be called normally:
./script1.sh
Approach 2
Place a line in sudoers for the script as a whole. When this is done, the individual commands do not need sudo. However, sudo must be used to start the script as in:
sudo ./script.sh
If your password isn't something you want to be very secure about, (maybe some testing server in the company etc.) you can elevate to sudo in the script via echo like:
echo YourPasswordHere | sudo -S Command
The prompt still prints the "enter password" text to output though. So don't expect it to be neat.
See this Askubuntu post
As you noted, the file that must appear in the sudoers configuration is the one that is launched by sudo, and not the one that runs sudo.
That being said, what we often do, is having something like
user ALL=(ALL:ALL) NOPASSWD:/path/to/script.sh
in the sudo configuration, where script.sh has all the commands that the script has to do.
Then we define either a Bash function or an alias so that script.sh is actually
sudo /path/to/script.sh
The only issue is if some commands must not be run as root, you need to insert some su - user -c "command" commands in the script.
In new /etc/sudoers.d/apt-get file, put single line:
user ALL=(ALL:ALL) NOPASSWD:/usr/bin/apt-get update
Fully qualified path to executable is required here.
Then use following in your script:
sudo apt-get update
Here, fully specified name is not required. Sudo uses PATH environment variable for executable resolution.
While changing and checking sudoers configuration, be sure to keep another root session open for error recovery.
I suggest you look at the sudo environment variables - specifically you can use (and check for) $SUDO_USER. Call your script with sudo (1 entry in sudoers), then do user stuff as SUDO_USER and root stuff as root.
As mentioned by Basilevs you need to add your user to the sudoers file in order to avoid that sudo commands in the script get stuck awaiting the password.
On Ubuntu 16, there is a simpler way: just add the user to the sudo group, like this:
sudo usermod -aG sudo *username*
From then on, it should work like a charm.
Note:
This works only on the condition that the following line is in file /etc/sudoers:
%sudo ALL=NOPASSWD: ALL
(such line gives passwordless sudo privileges at group level, in this case to the sudo group)
(if this line is not present and you want to add it, make sure you use visudo)
Simply, in order to execute commands as root you must use su (even sudo uses su)
As long as you execute sudo ./script2.sh successfully just instead :
sudo su
"#" //commands as root here
"#" exit
//commands as use here
you can make it a shell function with the name sudo, but no other better way i think,however it's the case with scripts inti,rc android ..etc
must be tidy ;)
however this requires you to put NOPASSWD: su wich is totaly secure indeed
any way here just lacks POISX permissions principle which is filtering so dont enable something to all users or vice versa
simply, call sudo as much as you want with no additional thing then:
chown root script.sh
chmod 0755 script.sh
chgrp sudo script.sh
"make root owner of .sh"
"make it read only and exec for others"
"and put it in sudo group"
of course under sudo
that's it

rundeck - switch to root user in job script

Logging via terminal I can switch to root user fine:
ubuntu#ip-10-0-0-70:~$ sudo -s
root#ip-10-0-0-70:~# whoami
root
So I created in rundeck a job script with this:
whoami;
echo "1st step";
sudo -s;
echo "2nd step";
And when I run this, it prints:
ubuntu
1st step
After print '1st step' it get stucked forever. Seems a problem with sudo -s command.
tried sudo -i but the same happens
tried sudo su - root but the same happens
rundeck is logging as ubuntu user, me too
any idea to switch to root in rundeck script?
This is the expected behaviour.
You are running a shell via 'sudo -s' and then not leaving/exiting it ! So it waits forever for somethig that won't come.
You can probably add 'sudo' as an Advanced option of your script (where it says "Run script with an interpreter or prefix. E.g.: sudo, time:").
But it will run your whole script as root.
If you just want a specific command to be run as root , just prefix your command with sudo as so:
sudo "enter_your_command_to_be_run_as_root_here"
Entering the command prefixed by Sudo will generate the following error on most linux distributions.
sudo: sorry, you must have a tty to run sudo
You can enable sudo without tty by running 'visudo' and commenting out the defaults line or removing 'requiretty' from the defaults line.
Details can be found here:
http://www.cyberciti.biz/faq/linux-unix-bsd-sudo-sorry-you-must-haveattytorun/

starting apachectl from bash

I am writing a bash file. I need to start apachectl from my bash file. so i wrote:
apachectl start
When I run it with root, an error occurred:
apachectl: command not found
I searched and I found that, I should be super user with su - not su
Now, I want to know:
why this error occurred?
How could i run it with su?
In shell scripts you should use full paths in order to execute command unless directory with executable already in $PATH.
For instance, find where apachectl binary is located:
which apachectl
or
whereis apachectl
and you will get something like:
/usr/local/sbin/apachectl
So, use that.
The command not found error is because "apachectl" is not in your path. Simply use the full path of the command, e.g.
/etc/init.d/apachectl start
If you get a permission denied error, then you need to run as a different user. That is a different problem though.
Use the find command to first locate apachecetl
find / -name apachectl
Then you can test it by running the status command (assuming this is the location from the find command)
/usr/local/sbin/apachectl status
Then you may need to restart apache if there's an issue
/usr/local/apache/bin/apachectl restart
It seems, that the command apachectl is not in your environments path. Locate the directory, where apachectl resides and add this to your PATH or start it with the full path. Most modern distributions use sudo to allow users gain elevated rights, so you should use sudo, if available to you.
Below command worked for me:
sudo /usr/sbin/apachectl -kstart
The answer above helped me a lot but the commands should be:
sudo netstat -tanp
sudo ss -tanp 'sport = 80'
sudo apt-get remove lighttpd
sudo <path>/apachectl -kstart
First kill all httpd service using...
sudo killall -9 httpd
Second, find apachectl. Press ctrl+r into terminal enter a "apachectl" word To find the path of "apachectl".
After select:
sudo <path>/apachectl stop|start
This question is old but comes up in Google, so for future readers: Please notice on some distributions such as Debian it is a sudo-only command and trying to run it without sudo leads to the error: command not found. So in order to run it simply use sudo. Also if you want to know where the binary is located at too, the simplest way I recommend (if using APT) is:
$ dpkg -L apache2 | grep apachectl
/usr/sbin/apachectl
/usr/share/man/man8/apachectl.8.gz
As you see, it's under sbin which means is exclusive to admins space.
I had the same problem. You may run the following command first:
export PATH=$PATH:/sbin
Then use apachectl restart or etc.
well, it happens why you port be used now other service. for you know that
service is use write next comand of netstat:
sudo netstat -tanp.
if you wanna to know of port 8080 use next comand:
trong textsudo ss -ntlp 'sport = 80'.
in my case was run lighttpd so apply next comand:
sudo apt-get remove lighttpd.

How to run a command without sudo?

I want to add a line in the crontab (on my local machine) which will run every five minutes. My problem is the command I am going to use requires sudo :
sudo indexer --config /usr/local/etc/sphinx.conf --all --rotate
Is there a way I can run the command without using sudo and without prompting for password ?
Thanks!
Put it in the crontab of root
sudo crontab -e
There you can put
indexer --config /usr/local/etc/sphinx.conf --all --rotate
All commands in this crontab will be executed as root. If you just du crontab -e as your current user, they will be executed under your users permissions.
Just append your command to the sudoer file list by using cmd visudo(this cmd requires root priviledge) as below:
<YOUR_USER_NAME> ALL = NOPASSWD:<ABSOLUTE-PATH-TO-CMD>
Take care of the ABSOLUTE-PATH-TO-CMD,It may become a security hole.
Its extremely dangerous to put applications in root's crontab unless the box is secured well from hackers. If by chance someone replaces the binaries (including libraries), you're gone!
A better way would be to chown all the files the binary accesses to an unprivileged user and run the job as the unprivileged user.
Any of the binary files the application uses should not be writeable by anyone except root.
run it as a root ? or sphinx user ? try to find out which user you need it to be run as and add it to that users cron
You can configure sudo not to ask password. Read man sudoers for how to do that. Search for NOPASSWD string.

Resources