tags:

views:

84

answers:

5
+3  Q: 

su and sudo in a shell script

There is a shell script (/bin/sh, not bash) that requires root permissions for execution.

If it is ran by a normal user it should ask user a password to get root access and re-run itself.

Now it uses the following code:

if [ $(id -u) -ne 0 ]; then su root -- $0 $@ ; ... fi

That works fine, but there are some OS like Ubuntu that has no root password at all. On the other hand, a lot of systems use sudo for root permissions.

The question is: how can the script detect whether to use su or sudo without asking the user to enter too much passwords (e.g. enter sudo password, if it fails - run su).

A: 

You can setup the account not to need a password for sudo in /etc/sudoers: 

yourusername ALL=(ALL) NOPASSWD: ALL

If you don't want to do that, you can force them to run the script as root. Add something like this to the top of your shell script: 

if [ "$UID" -ne 0 ]; then
    echo "You must be root to run this script"
    exit 1
fi

This way, the user can get to be root however they choose (su or sudo).

gpojd  2010-10-04 15:06:11
This script is a kind of installer - I don't run it at my host, but other users run it at their machines.
zserge  2010-10-04 15:10:58
What about the second part? Exiting early and prompting them to run the script as root.
gpojd  2010-10-04 15:12:40
@gpojd That was the code used in older versions. Now I'm trying to get root privileges from the script, so the user don't have to restart it. Seems to be a little bit more user-friendly
zserge  2010-10-04 15:36:24
@zserge: you might prompt the user - "1: su to root and continue (you need the root password; 2: run the script with sudo (if permissioned); 3: abort installation"
Tony  2010-10-05 03:05:20
A: 

There isn't a bullet-proof way of doing this, because any distribution can lay files in any way it wants. Debian and Ubuntu often place system files in directories other than Red Hat, for example. It's much easier to customize the script for the OS it's installed on.

wilhelmtell  2010-10-04 15:13:08
A: 

Check if sudo ist installed

SU='su'
which sudo > /dev/null && SU='sudo'
bitmask  2010-10-04 15:14:54
A nice way. But: there can be sudo installed on the machine, but the user has no permissions to run this script with sudo.
zserge  2010-10-04 15:23:30
That does not matter, because then, sudo will fail, without asking a password, and you can invoke `su` instead (just observe the outcome of `sudo true`).
bitmask  2010-10-04 15:31:31
@bitmask Maybe I'm wrong, but while user is allowed to run true it's not guaranteed that he can run our script. And, if user is allowed to run programs with password, he will be prompted when executing `sudo true`. I try to avoid unneeded password prompts.
zserge  2010-10-04 15:39:47
Okay, `sudo true` was garbage. Make sure *your* script returns 0 (true) and simply run that with `sudo`. Then, the user is asked only once, and if he cannot sudo your script, you will know because of the return value so that you can invoke `su`.
bitmask  2010-10-04 15:55:37
@bitmask: I can't see anything better, but that still involves asking for the user's password then possibly having to ask for the root password afterwards: avoiding that is what the question's about.
Tony  2010-10-05 03:02:25
A: 

While this doesn't fully answer your question, it's worth noting that you can check if the sudo package is installed using the following:

Debian based systems:

dpkg -s sudo

RPM based systems:

rpm -q sudo
t3mp0  2010-10-04 15:29:53
What about gentoo, arch, or slackware users? To my mind, `which sudo` is a more general way to test if program is installed.
zserge  2010-10-04 15:41:32
+2  A: 

It shouldn't. If script requires root privileges, it should be run as root. It's the user's business how he's going to accomplish that -- using su, sudo or some other mechanism.

If you are concerned with security issues and don't want to do everything from root, you can drop root privileges for those parts.

Roman Cheplyaka  2010-10-04 22:01:21
zserge's comment below explains "That was the code used in older versions. Now I'm trying to get root privileges from the [installation] script, so the user don't have to restart it. Seems to be a little bit more user-friendly". Seems the fair basis for a question, and not inherently evil ;-).
Tony  2010-10-05 03:07:10
@Tony: My point is that it's *not* user-friendly at all. This is an example of trying to be smarter than user. In some cases this might work, but it's far more likely to cause problems to the user. Also you should follow the principle of the least surprise. I'd be surprised (and would have some questions to the author) if some program would try to acquire root privileges using sudo without my consent.
Roman Cheplyaka  2010-10-05 06:02:47

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?