  1. #1
    Linux Newbie egan's Avatar
    Join Date
    Feb 2009
    Location
    Mountain View, CA
    Posts
    132

    Running a Shell Script with Sudo

    Hi, I have what I hope is a simple question.

    I have written a small bash script, but it needs to run a couple commands as root. In fact, I put in a check to exit the script unless it was run by root.

    I put it in ~/bin, which I have in my path.

    The problem is, if I try to run it like so:
    Code:
    sudo chweb
    it prompts me for my password, but then returns:
    Code:
    sudo: chweb: command not found
    It seems that sudo doesn't like to work with any local scripts or programs (which does make sense from a security point of view). My question is, how do I get around this? I'd rather not have to actually log in as root to run this simple administrative script.

    Any help would greatly be appreciated!

  2. #2
    Linux Guru
    Join Date
    Oct 2007
    Location
    Tucson AZ
    Posts
    1,939
    I'm not really familiar with Bash scripts but you may need the "sh" extension and use the bash command:

    sudo bash chweb.sh

  3. #3
    Linux Newbie egan's Avatar
    Join Date
    Feb 2009
    Location
    Mountain View, CA
    Posts
    132
    Quote Originally Posted by yancek View Post
    I'm not really familiar with Bash scripts but you may need the "sh" extension and use the bash command:

    sudo bash chweb.sh
    Hey, thanks for the response!

    Your suggestion does indeed work (I don't need the .sh extension). The problem is, bash expects a path to the script (i.e. it does not search the path). This is a little annoying, as I would rather just type something like this:
    Code:
    sudo chweb www FILE1 FILE2 FILE3
    than this:
    Code:
    sudo bash ~/bin/chweb www FILE1 FILE2 FILE3
    Though I suppose I could make an alias for this.

    EDIT: Making an alias has worked for me. I would still be interested in any other suggestions though.

  4. #4
    Just Joined! pmcoleman's Avatar
    Join Date
    Jan 2009
    Location
    Colorado Springs, CO USA
    Posts
    30
    I have a few scripts that have similar problems. My solution is found at:
    checkSumListCreator.html

    But here is the main portion relative to your query:
    Steps to create a Common Bash Shell directory:

    1. su to root
    2. Change the umask value to 0027
    3. cd to /var/opt/ directory
    4. Make a new directory called BashScripts or whatever name you prefer.
    5. Change the directory owner and group using chown : e.g. chown myUserName:myUserName ./BashScripts Effectively creating the directory for your own personal use
    6. Modify the directory permissions to utilize the sticky bit by typing the command chmod 1770 ./BashScripts. This change allows the designated user and group members to access the directory. They (you) will also be able to add content, but only the owner of the file will be able to delete it.
    7. Use a text editor such as vim to open your user .bashrc file and add the path for this new directory so that it will be available for each shell session. PATH=$PATH:/var/opt/BashScripts export PATH Where the path is the actual path and name of the directory you created in the previous steps.
    8. Save and close the .bashrc file
    9. Exit from your root login.

    The next step I normally use is to then create a cron job as root to run the script that will require root privs each time, even if only a portion of the script would require such.

    Hope this helps.

  5. #5
    Linux Newbie egan's Avatar
    Join Date
    Feb 2009
    Location
    Mountain View, CA
    Posts
    132
    Quote Originally Posted by pmcoleman View Post
    I have a few scripts that have similar problems. My solution is found at:
    checkSumListCreator.html

    But here is the main portion relative to your query:
    Steps to create a Common Bash Shell directory:

    1. su to root
    2. Change the umask value to 0027
    3. cd to /var/opt/ directory
    4. Make a new directory called BashScripts or whatever name you prefer.
    5. Change the directory owner and group using chown : e.g. chown myUserName:myUserName ./BashScripts Effectively creating the directory for your own personal use
    6. Modify the directory permissions to utilize the sticky bit by typing the command chmod 1770 ./BashScripts. This change allows the designated user and group members to access the directory. They (you) will also be able to add content, but only the owner of the file will be able to delete it.
    7. Use a text editor such as vim to open your user .bashrc file and add the path for this new directory so that it will be available for each shell session. PATH=$PATH:/var/opt/BashScripts export PATH Where the path is the actual path and name of the directory you created in the previous steps.
    8. Save and close the .bashrc file
    9. Exit from your root login.

    The next step I normally use is to then create a cron job as root to run the script that will require root privs each time, even if only a portion of the script would require such.

    Hope this helps.
    That is quite interesting... thanks for the help.

    So I guess sudo is designed not to work with local scripts, and this is why they need to be in /bin, /sbin, /usr/bin, or /var/opt?

  6. #6
    Just Joined! pmcoleman's Avatar
    Join Date
    Jan 2009
    Location
    Colorado Springs, CO USA
    Posts
    30
    Creating a script that must perform tasks requiring sudo or su privs means that the script as a whole must be run as sudo or su.

    The steps outlined above serve a couple of purposes. First the script is located / relocated in a common directory that any user who is a member of the group can access. If the group was something other than the user's default primary group another user who is a member of the same group could simply type in the name of the script without the "./" or "bash <path to filename>" and use the script. Setting the permissions of the script in the BashScript directory to read and execute makes the script available for use. The sticky bit setting on the whole directory means that the only person who could delete the file would be the owner of the file or of the directory itself.

    In the case here, your script could be added to the directory and if the path is added to the bashrc file a user and group member must only type sudo <scriptname> to execute the program.

    Based on your first post, the steps I outlined would allow you to run a script by typing "sudo <script name>". The only problem would be if a non-sudo user also needed to run the script. Their access would be denied even if they were a member of the group. The script would initiate but any commands requiring root privs would fail, just as you have noted previously.

    I use /var/opt to manage scripts and other programs that I will make available to other users on the system. It is designed for this purpose and it helps to keep all of the programs in a nice "repository" of sorts. The /opt directory is in place by default to store programs that the end user places on the system. In my Ubuntu server installation this opt dir is a subdirectory of /var/. Var also contained my Intranet web site directory. It is a place that many users on the system end up accessing at some point. Thus I set the common bash scripts there. You may be able to designate another place outside of the home directories.

    NOTE:
    In my first response the PATH command did not render correctly.
    PATH=$PATH:/var/opt/BashScripts export PATH

    should be:
    PATH=$PATH:/var/opt/BashScripts
    export PATH

    They are two commands. Sorry about that...
    Last edited by pmcoleman; 03-09-2009 at 03:52 PM. Reason: typo in previous post
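
An added example, not part of any post in this thread: the setup in posts #4 and #6 runs a script through sudo from a directory that is owned by an ordinary user and is group-writable (chmod 1770), so it is worth checking who can modify the script or any directory above it before root executes it. The function name `audit_sudo_target` and its output format are made up for this illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Reports why a script is risky to run via
# sudo: any path component a non-root account can modify lets that account
# change what root executes. Exit status: 0 clean, 1 findings, 2 unusable target.
audit_sudo_target() (
    # Resolve the directory physically so a symlinked parent is not skipped.
    dir=$(cd -P -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || exit 2
    path="${dir%/}/$(basename -- "$1")"
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path"
        exit 2
    fi
    findings=0
    while :; do
        # ls -ldn prints the mode string first and the numeric owner third.
        info=$(ls -ldn -- "$path") || exit 2
        perms=${info%% *}
        owner=$(printf '%s\n' "$info" | awk '{ print $3; exit }')
        if [ "$owner" != 0 ]; then
            echo "not owned by root (uid $owner): $path"
            findings=1
        fi
        # Mode string positions 6 and 9 are the group and other write bits.
        # The sticky bit (as in chmod 1770) does not stop members adding files.
        case $perms in
            ?????w*|????????w*)
                echo "group/other-writable: $path"
                findings=1 ;;
        esac
        [ "$path" = / ] && break
        path=$(dirname -- "$path")
    done
    exit "$findings"
)

# Stand-alone use: sh audit.sh /var/opt/BashScripts/chweb
if [ "$#" -gt 0 ]; then audit_sudo_target "$1"; fi
```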
