Home / server / Questions / 226386
Accepted
Fabiano Soriani
Asked: 2011-01-25 13:57:41 +0800 CST

Wget a script and run it

  • 772

I want to download a script from: http://dl.dropbox.com/u/11210438/flockonus-stack.sh and execute it. My guess is, to use wget renaming it, chmod it, and execute.

What are the commands for doing that on Ubuntu?

ubuntu wget

6 Answers

  1. Best Answer

    Careful

    Before running the script, do you trust the person who wrote it?

    For example, did you expect the script to contain this?

    echo "brain1" > /etc/hostname

    That will try to change your hostname.

    For future reference, if, after verifying the script is correct and not malicious, you can run it in one line like this:

    wget -O - http://dl.dropbox.com/u/11210438/flockonus-stack.sh | bash

    But download it separately and read it before running it the first time.

    Also note that interactive prompts inside the downloaded script may not work properly using this method.

    • 63

  2. Non-Interactive Scripts

    wget -O - http://website.com/my-script.sh | bash

    Note that when using this method, interactive scripts will not work.

    Interactive Scripts

    In order to get interactive scripts working, you can use this:

    bash <(wget -qO- http://website.com/my-script.sh)

    Interactive Scripts that need to be run as root

    Warning: This is extremely dangerous. Not recommended.

    sudo su -c "bash <(wget -qO- http://website.com/my-script.sh)" root

    Note that you cannot simple use sudo bash since using <(...) will create a virtual file and it's file descriptor will not be accessible from roots bash instance. It must be executed on the same user that needs to read the virtual file, so it has to be sent as it's own command inside the root users shell.

    • 21

  3. That script is from me, it is safe.. Loved the one-liner, but, it has some interactive lines that didn't run.. dunno why?

    When dpkg runs, called by apt-get, it flushes stdin. If you are using a command like curl blah | bash, then you are basically sending contents of the page to bash via STDIN. If one of your commands is apt-get, then runs, everything else will be flushed.

    The trick is to use a command like this apt-get install --yes denyhosts </dev/null. This gives apt-get a different input, and it simply flushes /dev/null instead of the rest of your script.

    If you want to see a complete example of installing something via a remote script you may want to look at this script for setting up denyhosts

    For the record, I prefer curl over wget for this, but wget should also be fine.

    • 6 
  4. #!/bin/sh
if [ ! -f "/tmp/flockonus-stack.sh" ]
then
    wget -O /tmp/flockonus-stack.sh http://dl.dropbox.com/u/11210438/flockonus-stack.sh
fi

sh /tmp/flockonus-stack.sh
    • 4

  5. All of these examples are missing a fairly important point. If you use the url http://dl.dropbox.com/u/11210438/flockonus-stack.sh, you need to audit the script every time you download it, because it can be modified by anyone on the network path between you and dropbox. If you switch to https://dl.dropbox.com/u/11210438/flockonus-stack.sh, you won't have that source of insecurity.

    (Dropbox tries to redirect the http URL to https, but in the case of a network attack wget would never get to speak to the real dropbox, and would never see the redirect)

    • 4

  6. Try simply downloading it as you have specified with wget and then executing it directly. You can get fancy and use variables for the script you want to download etc, but this will do the trick

    For example:

    !#/bin/bash

#Change to temp directory
cd /tmp

#Download file using wget
wget http://dl.dropbox.com/u/11210438/flockonus-stack.sh

#Execute the file

sh flockonus-stack.sh
    • 2