Commands without sudo in bash do not work - bash

I am running a bash script and these commands in the script will not work without sudo in front of them. The script.sh is located in a folder such as /jobs/script.sh
Example of commands I am trying to run in the script.sh -
mv /var/app/myapp /var/app/myapp.old
rm file.tar.gz
tar -xzf /home/ubuntu/file.tar.gz -C /var/app/
All the above work if I add sudo in front of them.
I am trying to figure out what permissions are required for them to work without adding sudo in the script.
I have tried giving the script.sh rwx permissions and changing owner to root.
I'm learning permissions in linux, so I'm new to this. Basically what permission should the script.sh have so that I dont have to use sudo in the bash file? Any insight would greatly help.

When you run sudo <some command>, then <some command> is run by the root user (Super user do). The reason you might need to run any command using sudo is because the permissions on the files that command reads/writes/executes are such that only the "Super user" (root) has that permission.
When executing the command mv fileA fileB, the executing user would need:
Write permission to fileB if fileB already existed
Write permission to the directory containing fileB

From what you said it’s most likely you want read and write permissions you can achieve this with chmod
Chmod +[permission] filename
(+ is used to add permission you can also use - instead to remove it)
Where permissions can be:
r —> read
w—> write
x —>excecute
... and more
FOR EXAMPLE: it seems you write permissions for the first file so :
chmod +w /var/app/myapp
Will fix problem

Related

Bash Script Cant Write To Log Files

I've created a simple bash script that grabs some data and then outputs it to a log file. When I run the script without sudo it fails to write to the logs and says they are write-protected. It then ask me if it should unwrite-protect them, but this fails (permission denied).
If I run the script as sudo it appears to work without issue. How can I set these log file to be available to the script?
cd /home/pi/scripts/powermonitor/
python /home/pi/powermonitor/plugpower.py > plug.log
echo -e "$(sed '1d' /home/pi/scripts/powermonitor/plug.log)\n" > plug.log
sed 's/^.\{139\}//' plug.log > plug1.log
rm plug.log
grep -o -E '[0-9]+' plug1.log > plug.log
rm plug1.log
sed -n '1p' plug.log > plug1.log
rm plug.log
perl -pe '
I was being dumb. I just needed to set the write permissions on the log files.
The ability to write a file depends on the file permissions that have been assigned to that file or, if the file does not exist but you want to create a new file, then the permissions on the directory in which you want to write the file. If you use sudo, then you are temporarily becoming the root user, and the root user can read/write/execute any file at all without restriction.
If you run your script first using sudo and the script ends up creating a file, that file is probably going to be owned by the root user and will not be writable by your typical user. If you run your script without using sudo, then it's going to run under the username you used to connect to the machine and that user will need to have permission to write the log files.
You can change the ownership and permissions of directories and files by using the chown, chmod, chgrp commands. If you want to always run your script as sudo, then you don't have much to worry about. If you want to run these commands without sudo, that means you're running them as some other user and you will need to grant write permission to that user, whoever it is, in order to write the files/folders where the log files get written.
For instance, if I wanted to run the script as user sneakyimp and wanted the files written to /home/sneakyimp/logs/ then I'd need to make sure that directory was writable by sneakyimp:
sudo chown -R sneakyimp:sneakyimp /home/sneakyimp/logs
This command changes ownership of that directory and its contents to the user sneakyimp. You might also need to run some chmod commands to make sure they are writable by owner.

Moving files owned by a different user with Sudo and wildcard

I have a user named cam. Cam stores a bunch of files. Now I want to move those files so I tried the following...
sudo mv /home/cam/DCS-*.jpg /home/cam/cam/
But when I run this command I get...
mv: cannot stat ‘/home/cam/DCS-*.jpg’: No such file or directory
But if I runt the command like...
sudo mv /home/cam/DCS-934L2015110711425501.jpg /home/cam/cam/
It works fine. WTF am I missing
if I do a sudo ls /home/cam I see everything but without sudo I don't have permissions to see anything.
When this command is executed:
sudo mv /home/cam/DCS-*.jpg /home/cam/cam/
The * is expanded by the shell according to the permissions of the current user. As the current user cannot see those files (ls /home/cam has no permission), the shell cannot expand the parameter list.
shouldn't sudo have permissions regardless?
No. With sudo, the mv command will be executed as root, but the parameter list expansion happens before execution is passed to sudo mv.
To have the * expansion happen with root permission (so that the content of the directory will be visible), you can wrap the command in its own shell like this:
sudo sh -c 'mv /home/cam/DCS-*.jpg /home/cam/cam/'

Default user for files and directories created in bash under sudo

I'm writing a bash script that creates directories and copy files under Mac OSX. Some of these directories and files need to be placed in folders owned by the system such as /Library/Audio/Plug-Ins, and so I run the script under sudo. Such script might look like:
copy-plugins.sh:
#!/usr/bin/env bash
mkdir -p /Library/Audio/Plug-Ins/My-Plugins
cp plugin-A.dylib /Library/Audio/Plug-Ins/My-Plugins
cp plugin-B.dylib /Library/Audio/Plug-Ins/My-Plugins
and called:
$ sudo ./copy-plugins.sh
However when running under sudo, all created directories and copied files are owned by root.
I would like to be able to run the script under sudo and have the files be owned by my user.
I could call chown after each file/directory is created or copied
copy-plugins-cumbersome.sh:
#!/usr/bin/env bash
mkdir -p /Library/Audio/Plug-Ins/My-Plugins
chown 501:501 /Library/Audio/Plug-Ins/My-Plugins
cp plugin-A.dylib /Library/Audio/Plug-Ins/My-Plugins
chown 501:501 /Library/Audio/Plug-Ins/My-Plugins/plugin-A.dylib
cp plugin-B.dylib /Library/Audio/Plug-Ins/My-Plugins
chown 501:501 /Library/Audio/Plug-Ins/My-Plugins/plugin-B.dylib
but I'm hoping for a more general solution.
As far as I can tell there is no setuid for bash.
Use cp -p option to preserve file attributes.
Note this will preserve user, group permissions and the modification and access times of the files.
As you need sudo to copy to the directories you are copying to in script, it means you need to be root to copy anything in those directories.
When you do sudo you are root for that particular command or script, so whatever will be created or executed will have root permissions. Till the time you specify.
The possible ways to come out of it without changing anything:
The one you are using, and
Other one to use -p or -a with cp
rsync -go <source file> <destination file>
-g for preserving group and
-o for preserving ownership.
Note If you do a chown out of script, you will have to specifically do sudo chown since files you would be touching belong to root.

Bash CLI: Is there a way to simultaneously create and set permissions on a file without repeating the filename?

Is there a way to simultaneously create and set permissions on a file without repeating the file name?
I tried:
touch text.txt && chmod u+x text.txt
This gives me permission denied when I run it and I want to know how to fix it and: How do I get rid of the repetition?
If you are getting a permissions error when you run your command, that suggests that you do not have permissions to create files where you're trying to create the file. Regarding the rest of your question:
As BroLow said, you can use umask to affect the default permissions of files created in your session. However, this can be inconvenient, particularly if you only want the new permissions in effect for a single command.
You can use the install command to create and set permissions on a file:
install -m <mode> -o <owner> -g <group> <srcfile> <destination>
If you want to create an empty file, you can use /dev/null as a source:
install -m 644 /dev/null <destination>

modify file content

I'm installing a lighttpd server on a remote machine using a bash script. After installation, I need to configure the port for the server. The system says I don't have permission to modify the file /etc/lighttpd/lighttpd.conf even though I do
sudo echo "server.bind=2000" >> /etc/lighttpd/lighttpd.conf
How shall I modify this?
What you're doing is running echo as root, then trying to append its output to the config file as the normal user.
What you want is sudo sh -c 'echo "server.bind=2000" >> /etc/lighttpd/lighttpd.conf'
Try to change the file permission using chmod
$ sudo chmod a+x /etc/lighttpd/lighttpd.conf
If you don't have the right to change the file /etc/lighttpd/lighttpd.conf check the man page of lighthttpd. If you can start it with a different config file, then create a config file somewhere and start lighthttpd with it.
The problem is that the bit on the right of >> is not run under sudo. Either use sudo -i to bring up a root shell a superuser and run the command, or just use an editor as mentioned before.

Resources