  1. #1
    Just Joined!
    Join Date
    Oct 2010
    Location
    Joplin, Mo.
    Posts
    2

    su & sudo within bash script


    This is an odd sort of problem. I'm working on a script which handles disaster recovery for a system I'm developing. Part of the script will also be used for initial setup. It needs to require as little user interaction as possible. It also needs to be run as root during most of the process. The problem is that there comes a point where some of the software can't be compiled or installed as root. So root needs to su to a regular user who then has to sudo in order to compile & install the aforementioned software. After all this, the script needs to revert to its original state, running as root.

    I told you it was odd. I've never encountered a situation where root had to su to a normal user in order to sudo as root. I'm not quite sure how I want to proceed, but I'm open to suggestions.

    Thanx,

    Ed

  2. #2
    Linux Newbie
    Join Date
    Mar 2010
    Posts
    152
    Quote: Originally Posted by cejohnsonsr
    The problem is that there comes a point where some of the software can't be compiled or installed as root.
    Why not? Is this some restriction the makers of the software place on you? Is it possible to change their scripts/build system to remove this restriction?

    When I need automated scripts to run as root (but want to do as little as possible as the root user) I use the following system:

    1. Write a script that does whatever you want done as the root user, say /usr/local/bin/do-stuff.
    2. Make it writable only by the root user, but executable by everyone.
    3. Add the following line in /etc/sudoers:
      %admin ALL=(ALL) NOPASSWD: /usr/local/bin/do-stuff


    That way, someone in the group admin (which I am on my system) can run do-stuff using "sudo do-stuff" without having to enter a password, but they can't do arbitrary stuff because they can't edit do-stuff without a root password.

    Of course, this is only as secure as your do-stuff script, so be cautious - this only works because the stuff I use it for on my system is stuff like auto-mounting specific file systems, which I'd be happy to let anyone do anyway (for those file systems, at least). You could always make the user that's allowed to run these scripts without a password be some user created specifically for the task, with some hard-to-guess password so only root can become that user by using su... it's an option, I guess.
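
The following is an added example, not part of the post above or of any poster's setup: a POSIX sh check for a script named in a NOPASSWD sudoers rule, verifying the "writable only by root" condition from step 2. It also checks the containing directory, because write access there allows the file to be replaced. The function names and the optional owner-UID argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit the target of a NOPASSWD sudoers rule.

# is_loose PATH: true if PATH is group- or world-writable.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# owned_by PATH UID: true if PATH is owned by the numeric UID.
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# check_sudo_target SCRIPT [UID]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
# UID defaults to 0 (root); the parameter exists so the check can be
# exercised without root (an assumption of this example).
check_sudo_target() {
    script=$1
    uid=${2:-0}
    rc=0
    case $script in
        /*) ;;
        *) echo "not an absolute path: $script"; return 1 ;;
    esac
    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "not a regular file: $script"; return 1
    fi
    # The script itself and its directory must both be locked down.
    for p in "$script" "$(dirname "$script")"; do
        if ! owned_by "$p" "$uid"; then
            echo "wrong owner: $p"; rc=1
        fi
        if is_loose "$p"; then
            echo "group/world writable: $p"; rc=1
        fi
    done
    if [ ! -x "$script" ]; then
        echo "not executable: $script"; rc=1
    fi
    return $rc
}
```

Only the file and its immediate directory are checked; parent directories further up the path are outside the scope of this example.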

  3. #3
    Just Joined!
    Join Date
    Oct 2010
    Location
    Joplin, Mo.
    Posts
    2
    Yes, the software is designed to be run by a normal user, & will refuse to compile for root. It's a security feature. I don't know if it could be defeated, but even if it could I wouldn't want to.

    I already have a normal user in /etc/sudoers. I don't mind being prompted for a password occasionally. What I want to avoid is having to exit the script to perform a series of tasks manually. I'd also prefer not to have to call external scripts if at all possible.

    One possibility I'm considering is
    Code:
    su -c command user
    where command is the sudo task & user is the normal user created for the purpose & listed in /etc/sudoers. I'm not sure if it will work. I'm still trying to determine a way to test it. It's a fairly simple task on the command line, but scripting has turned out to be somewhat convoluted.

    Ed

  4. #4
    Linux Newbie
    Join Date
    Mar 2010
    Posts
    152
    Quote: Originally Posted by cejohnsonsr
    One possibility I'm considering is
    Code:
    su -c command user
    Ah yes, I'm over-complicating it if you want to do it the other way around - that should do it:

    Code:
    $ su 
    Password: 
    # su john -c 'id -u'
    1000
    #
    Last edited by JohnGraham; 10-28-2010 at 03:48 PM.

  5. #5
    Linux Guru coopstah13
    Join Date
    Nov 2007
    Location
    NH, USA
    Posts
    3,149
    Also, if you want to run the command using the user's environment rather than root, you should use -
    Code:
    su - user -c command
