Home / ubuntu / Questions / 209714
In Process
MKJ
Asked: 2012-10-31 09:38:50 +0800 CST

Adding root privileges to a bash script

  • 772

I am in need of adding root privileges to a bash script which uses sudo; so that whenever we run the script from the terminal; irrespective of the fact that the user is root or not it should not prompt for password. Please help! Doing Run Bash Script as Root did not help.

bash

4 Answers

  1. The best solution would be use visudo (this tool was made for that and will avoid the exposition of root password), I suggest you to dig what are going wrong with that.

    As a workaround, you can run this: 

    echo <password> | sudo -S some-script

    (start the command with a space so it won't be saved in bash history).

    Regards.

    • 6

  2. It is very unwise to create a security hole by elevating rights (something that i oppose) without any form of identity check, but if your script is non-interactive and the system is in complete control of the script itself (that means that the user can't fiddle with it) there are several ways to do this in a safe way. I give you some examples using a kind of makeshift "event triggers"
    (yes, stretching the definition a bit)

    This one should be started beforehand by the server (in /etc/rclocal or something like that) this script has "root" permission.

    #!/bin/bash

CMD="/path/to/a/directory/the/user/has/rights/to/write/into"

mkdir -p "$CMD"

while :
do
    inotifywait -q -e moved_to "$CMD" >/dev/null
    /path/to/script/you/want/to/run.sh
done

    The second one is the script that the user invokes, it has no root permission:

    #!/bin/bash

CMD="/path/to/a/directory/the/user/has/rights/to/write/into"

touch dummyfile ; mv dummyfile "$CMD"

    As you can see, the user has no elevated rights and also can't do anything beyond "pushing the button". If the client is moving something in the prepared directory, the serverscript gets a signal that it has to run your script.

    Another way (less secure) to do this is using sockets:

    First, again, a script invoked by the server (just like in the first example)

    #!/bin/bash
PORTNUMBER="12345"  #or whatever you like and not in use

while :
do
    nc -l localhost $PORTNUMBER >/dev/null
    /path/to/script/you/want/to/run.sh
done

    then a clientscript

    #!/bin/bash
PORTNUMBER="12345"  #or whatever you like and not in use

echo "something" | nc localhost $PORTNUMBER

    the last line can also be replaced with:

    echo "something" >/dev/tcp/localhost/$PORTNUMBER

    Here again: an echo to a socket will signal the serverscript to run your script.

    And of course this can also be done with named pipes, but you get the idea :-)

    • 4

  3. Keeping in mind that by doing this you are allowing anyone to run it I believe you need to chmod it by giving it appropriate permission, 0755 should do it.

    • -1

  4. Have you tried setting a sticky bit on the file, so when it's run it'll run as root?

    You can run chmod 2777 on the file and chown root on the file to give it to root.

    Now, anyone who executes the file will be running it as root.

    • -2