I want to be able to quickly check whether I both have sudo access and my password is already authenticated. I'm not worried about having sudo access specifically for the operation I'm about to perform, but that would be a nice bonus.

Specifically what I'm trying to use this for is a script that I want to be runnable by a range of users. Some have sudo access. All know the root password.

When they run my script, I want it to use sudo permissions without prompting for a password if that is possible, and otherwise to fall back to asking for the root password (because they might not have sudo access).

My first non-working attempt was to fork off `sudo -S true` with STDIN closed or reading from `/dev/null`. But that still prompts for the password and waits a couple of seconds.

I've tried several other things, including waiting 0.3 sec to see whether it succeeded immediately, but everything I try ends up failing in some situation. (And not because my timeout is too short.) It's difficult to figure out what goes on, because I can't just strace like I normally would.

One thing I know doesn't work is to close STDIN or attach it to a pipe before running `sudo -S true`. I was hoping that would make the password prompt immediately fail, but it still prompts and behaves strangely. I think it might want a terminal.

+2  A: 

I don't know what the ultimate reason is for needing to do this, but I think maybe you might need to rethink whatever the core reason is. Trying to do complicated, unusual things with permissions frequently leads to security holes.

More specifically, whatever it is the script is trying to do might be better done with setuid instead of sudo. (I'd also have to wonder why so many people have the root password. Sudo is there specifically to avoid giving people the root password.)

dirtside
We give out root passwords freely, and will continue until it causes a problem. We've been fine for 6 years, and it's made life easier. But many of us prefer to use sudo because (1) it's our own password, and (2) the action is logged. So this is about convenience, not getting around restrictions.
sfink
setuid is a good idea and would probably work for this 75% of the time, but fairly often we're scp'ing it over the network onto a freshly-built box and setting the setuid bit would defeat the convenience aspect. (It's a slightly improved `xauth -f /var/gdm/:0.Xauth list | xargs -n 3 xauth add`)
sfink
A: 

```sh
# Quote the variable so an empty or space-containing name cannot alter the grep call
getent group admin | grep "$particular_user"
```

You could use whoami to get the current user.

Edit: But that doesn't help you find if you're still authed to do sudo tasks... Hmm..

Oli
A: 

Although an old topic, I'll give it a try answering.

Running

```sh
sudo -S true < /dev/null &>/dev/null
```

seems to work, although it delays for a second before failing.

bobomastoras
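
Added example, not part of any answer above: sudo's `-n` (non-interactive) option makes it exit with an error instead of prompting, which gives the quick check the question asks for, with a fall back to `su` and the root password. The `SUDO` variable and the function names are this example's own assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). SUDO is overridable only so the logic
# can be exercised with a stub; that variable is this example's assumption.
: "${SUDO:=sudo}"

# True only if sudo can run a command right now without asking for a password
# (cached timestamp or NOPASSWD rule). -n makes sudo fail instead of prompting.
sudo_ready() {
    command -v "$SUDO" >/dev/null 2>&1 || return 1
    "$SUDO" -n true </dev/null >/dev/null 2>&1
}

# Report the path run_privileged will take: root, sudo or su.
priv_method() {
    if [ "$(id -u)" -eq 0 ]; then
        echo root
    elif sudo_ready; then
        echo sudo
    else
        echo su
    fi
}

# Turn an argument vector into one safely single-quoted string for `su -c`,
# so spaces and quotes in arguments cannot change the command that root runs.
# (Trailing newlines inside an argument are lost to command substitution.)
quote_args() {
    out=
    for arg in "$@"; do
        q=$(printf '%s' "$arg" | sed "s/'/'\\\\''/g")
        out="$out '$q'"
    done
    printf '%s' "${out# }"
}

# Run a command as root by the least intrusive route available.
run_privileged() {
    case "$(priv_method)" in
        root) "$@" ;;
        sudo) "$SUDO" -n -- "$@" ;;
        su)   su root -c "$(quote_args "$@")" ;;  # prompts for the root password
    esac
}

# Usage: run_privileged xauth -f /var/gdm/:0.Xauth list
```

The `su` branch still prompts, but only after the sudo check has failed immediately rather than after a stalled password prompt.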