tags:

views:

242

answers:

3
+1  Q: 

Write shell script that can only be run by a sudo user in Ubuntu

I'm writing a shell script that is supposed to be run by users only in sudo user list, what's the appropriate way of doing this?

what I'm thinking is in the shell script, try to create a dummy file in system dir such as /var/run/ and remove it, so users not in sudo list will receive a permission error, but I believe there gotta be a more appropriate way of doing this, thanks for helping

+2  A: 

make sure you are in the sudoers list then:

sudo chmod 700 /path/to/scriptname

[answering comment]
sorry - I don't use subversion: my guess is that you will need to run another script as a sudoer that will create the script with the correct permissions.

No, you do not have to change ownership to root, but it will keep things clean if you do.

slashmais  2010-01-15 07:03:25
is there a way to detect if a user is in sudo list within the shell script? the shell script will be submitted to subversion control system, so I'm worried that the file permission may be lost as it's being checked out and deployed on someone else's system
 2010-01-15 07:06:23
You should also `chown root file` as in Teddy's answer.
Dennis Williamson  2010-01-15 07:07:06
chown to root is the simplest way. If You're worried about that, Dennis's answer will allow you to make a second manual check in your script. I would suggest that you do both (++ to both).
FalseVinylShrub  2010-01-15 07:22:58
+8  A: 

Change the execute permissions on the script to only be executable by the user, and change the ownership of the script to root. That should do it.

Teddy  2010-01-15 07:03:48
+2  A: 

You can check the values of $UID and $EUID in your script. They would be zero for being equivalent to root. Or, if not Bash, you can use id -u.

Dennis Williamson  2010-01-15 07:11:22
If using `id -u`, be sure to use the full pathname or set your own PATH so that the proper binary is used (otherwise the user could write their own `id` program/script and arrange for it to be in the path before `/usr/bin` or where ever).
Chris Johnsen  2010-01-15 07:41:38

related questions

Fast SQL Server 2005 script generation
In Exchange (2003) how do I list the forms used in the public folder tree ?
Can Windows' built-in ZIP compression be scripted?
Set up PowerShell Script for Automatic Execution
Automated script to zip IIS logs?
Windows Mobile - What scripting platforms are available?
Best way to extract data from a FileMaker Pro database in a script?
which language you use for "throw away" programs?
Delete all but the most recent X files in bash
In SQL Server, how do I generate a CREATE TABLE statement for a given table?
Batch file to "Script" a Database
Is it OK to drop sql statistics?
How do I generate scripts that will rebuild my MS SQL Server 2005 database WITH data?
Which scripting language to support in an existing codebase?
quoting System.DirectoryServices.ResultPropertyCollection
Automate adding entries to a wiki
Can I copy files to a Network Place from a script or the command line?
How do you use PowerShell?
How to resolve symbolic links in a shell script
showing a message box from a bash script in linux
Date arithmetic in Unix shell scripts
Common Types of Subversion Hooks
MS-SQL: Drop all tables whose names begin with a certain string
What PHP framework would you choose for a new application and why?
Adding Scripting functionality to .NET applications