tags:

views:

62

answers:

3
Q: 

How do I force the user to become root

I have written a bash script for use on my ubuntu box. Now I would like to prevent running this script under my own user and only able to run it as root (sudo).

Is there a possibility to force this. Can I somehow let my script ask for root permissions if I run it under my own username?

+1  A:  
sudo chown root yourcode
sudo chmod 500 yourcode

Voila!

mkoistinen  2010-09-22 11:00:23
A: 

You can change the permissions, so that only root can execute it. Or you could use whoami command and in case that it isn't root force sudo.

Nuz  2010-09-22 11:00:30
+3  A: 

I have a standard function I use in bash for this very purpose:

# Check if we're root and re-execute if we're not.
rootcheck () {
    if [ $(id -u) != "0" ]
    then
        sudo "$0" "$@"  # Modified as suggested below.
        exit $?
    fi
}

There's probably more elegant ways (I wrote this AGES ago!), but this works fine for me.

JUST MY correct OPINION  2010-09-22 11:02:23
Possibly `exec sudo "$0" "$@"` to avoid problems with spaces in arguments, and avoid have the first execution hanging around?
Douglas Leeder  2010-09-23 09:33:12
Yeah, that would be a decided improvement. I'll update the answer to reflect it.
JUST MY correct OPINION  2010-09-23 10:11:29
Note that if it's run as a function like this, you need to pass in the script's parameters (i.e. run it with `rootcheck "$@"`). Or you can just put the if block inline rather than in a function. Also, this should be done very early in the script, as anything before it will be run twice (once normally, once as root).
Gordon Davisson  2010-09-23 19:18:44
I do it first thing in the script, so yeah. Early is right.
JUST MY correct OPINION  2010-09-24 00:11:12
It's sometimes good to run sanity checks (e.g. does the file in question exist?) before sudo'ing -- I tend to do this by starting the script with something like `if [[ $1 == "--no-sanity-checks" ]]; then shift; else run sanity checks; fi` and then modify the sudo command to `exec sudo "$0" --no-sanity-checks "$@"`
Gordon Davisson  2010-09-25 17:28:32

related questions

Can't copy file with appropriate permissions using FileIOPermission
GetProcessesByName() and Windows Server 2003 scheduled task
Starting a process in C# with username & password throws "Access is Denied" exception
How do you set directory permissions in NSIS?
PHP: How to check if a directory is writeable?
Sharepoint Item Level Access & performance
sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?
What is the best way to create a security architecture?
Hierarchical Group Permissions Theory/Resources?
Why is access denied when installing SSL cert on IIS 5?
What databases do I have permissions on
Can an iPhone App Be Run as Root?
SQLite/PHP read-only?
Multiple permission types (roles) stored in database as single decimal
SharePoint Permissions
CakePHP ACL Database Setup: ARO / ACO structure?
LINQ and Database Permissions
What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?
php scripts writing to non-world-writable files
How do I detect if a function is available during JNLP execution?
Implementing permissions in PHP
Access Control Lists & Access Control Objects, good tutorial?
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
Where should I put my log file for an asp.net application?
What is the best way to handle multiple permission types?