all "myscript.sh" does right now is echo "hello".
[jack#server1 scripts]$ ./myscript.sh
hello
the root user gave me the option to run the script as root without a password but when I do, the script doesn't print the "hello"
[jack#server1 scripts]$ sudo ./myscript.sh
Password:
[jack#server1 scripts]$
what am I doing wrong here? do I need to add some kind of switch ?
I don't see anything about this in man sudo
by the way, obviously I don't have root access to configure anything about this
this is the content of the script:
#!/bin/bash +xv
echo "hello"
and about the permissions and ownership:
[jack#server1 scripts]$ls -l myscript.sh
-rwxrwxr-x 1 jack SiteAdmin 1279 Dec 4 07:54 myscript.sh
Related
I have a scenario to automate the manual build update process via shell script on multiple VM nodes.
For the same, I am trying the below sample script to first ssh into the instance and then switch to root user to perform the further steps like copying the build to archives directory under /var and then proceed with the later steps.
Below is the sample script,
#!/bin/sh
publicKey='/path/to/publickey'
buildVersion='deb9.deb build'
buildPathToStore='/var/cache/apt/archives/'
pathToHomedir='/home'
script="whoami && pwd && ls -la && whoami && mv ${buildVersion} ${buildPathToStore} && find ${buildPathToStore} | grep deb9"
for var in "$#"
do
copyBuildPath="${publicKey} ${buildVersion} ${var}:/home/admin/"
echo "copy build ==>" ${copyBuildPath}
scp -r -i ${copyBuildPath}
ssh -i $publicKey -t $var "sudo su - & ${script}; " # This shall execute all commands as root
done
So the CLI stats for the above script are something like this
admin //this is the user check
/home/admin
total 48
drwxr-xr-x 6 admin admin 4096 Dec 6 00:28 .
drwxr-xr-x 6 root root 4096 Nov 17 14:07 ..
drwxr-xr-x 3 admin admin 4096 Nov 17 14:00 .ansible
drwx------ 2 admin admin 4096 Nov 23 18:26 .appdata
-rw------- 1 admin admin 5002 Dec 6 17:47 .bash_history
-rw-r--r-- 1 admin admin 220 May 16 2017 .bash_logout
-rw-r--r-- 1 admin admin 3506 Jun 14 2019 .bashrc
-rw-r--r-- 1 admin admin 675 May 16 2017 .profile
drwx------ 4 admin admin 4096 Nov 23 18:26 .registry
drwx------ 2 admin admin 4096 Jun 21 2019 .ssh
-rw-r--r-- 1 admin admin 0 Dec 6 19:42 testFile.txt
-rw------- 1 admin admin 2236 Jun 21 2019 .viminfo
admin
If I use sudo su -c and remove &
like:
ssh -i $publicKey -t $var "sudo su -c ${script}; "
Then for once whoami returns the user as root but the working directory still prints as /home/admin instead of /root
And the next set of commands are still accounted for admin user rather than the root. So the admin user do not have the privileges to move the build to archive directory and install the build.
Using & I want to ensure that the further steps are being done in the background.
Not sure how to proceed ahead with this. Good suggestions are most welcome right now :)
"sudo su - & ${script}; "
expands to:
sudo su - & whoami && pwd && ...
First sudo su - is run in the background. Then the command chain is executed.
sudo su -c ${script};
expands to:
sudo su -c whoami && pwd && ...
So first sudo su - whoami is executed, which runs whoami as root. Then if this command is successful, then pwd is executed. As normal user.
It is utterly hard to correctly pass commands to execute on remote site using ssh. It is increasingly hard to do it with sudo su - the command will be triple (or twice?) word splitted - one time by ssh, then by the shell, then by the shell run by sudo su.
If you do not need interactive communication, it's best to use a here document with -s shell option, something along (untested):
# DO NOT store commands to use in a variable.
# or if you do and you know what you are doing, properly quote it (printf "%q ") and run it via eval
script() {
set -euo pipefail
whoami
pwd
ls -la
whoami
mv "$buildVersion" "$buildPathToStore"
find "$buildPathToStore" | grep deb9
}
ssh ... "sudo bash -s" <<EOF
echo "Yay! anything here!"
echo "Note that here document delimiter is not quoted!"
$(
# safely import context to work with
# note how command substitution is executed on host side
declare -f script
# pass variables too!
declare -p buildVersion buildPathToStore buildPathToStore
)
script
EOF
When you use su alone it keeps you in your actual directory, if you use su - it simulates the root login.
You should write : su - root -c ${script};
I need to check from bash script (running with root priveledges) if another user is question can execute sudo as a dedicaite permission via 'username ALL=(ALL) NOPASSWD: ALL' in sudoers.
simple command run from a user in question easily returns 1 or 0:
sudo -n uptime 2>&1|grep 'load'|wc -l
but it always returns as empty if I change the user within script:
sudo -i -u username bash <<EOF
CAN_I_RUN_SUDO="$(sudo -n uptime 2>&1|grep 'load'|wc -l)"
echo "$CAN_I_RUN_SUDO"
whoami
EOF
Here is my full script:
sudo -i -u username bash <<EOF
whoami
CAN_I_RUN_SUDO="$(sudo -n uptime 2>&1|grep 'load'|wc -l)"
echo "$CAN_I_RUN_SUDO"
EOF
if [ ${CAN_I_RUN_SUDO} -gt 0 ]
then
echo "I can run the Sudo command. No need to change sudoers"
else
echo "I can't run the Sudo command. Added to Sudoers."
sh -c "echo \"username ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers"
fi
However, $CAN_I_RUN_SUDO is always returns empty (rather then 0 or 1) when I run it as a script. :-( so condition always fails.
I obviously missing something, but can't see it. Could you please help me?
Instead of grepping for output, you may be able to just check the return value of sudo:
if sudo -i -u username sudo -n uptime 2>&1; then
echo "I can run the Sudo command. No need to change sudoers"
else
echo "I can't run the Sudo command. Added to Sudoers."
echo "username ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
fi
If I may, my unrelated security advice would be to avoid automatically adding users to the sudoers file.
hi i have a script where i am performing sudo and going to particular directory,and within that directory editing files name as required. After getting required file name i want to FTP files on windows machine but script after reading FTP commands says-:
-bash: line 19: quote: command not found
-bash: line 20: quote: command not found
-bash: line 21: put: command not found
-bash: line 22: quit: command not found
My ftp is working if i run normally so it is some other problem.Script is below-:
#!/usr/bin/
path=/global/u70/glob
echo password | sudo -S -l
sudo /usr/bin/su - glob << 'EOF'
#ls -lrt
cd "$path"
pwd
for entry in $(ls -r)
do
if [ "$entry" = "ADM" ];then
cd "$entry"
FileName=$(ls -t | head -n1)
echo "$FileName"
FileNameIniKey=$(ls -t | head -n1 | cut -c 12-20)
echo "$FileNameIniKey"
echo "$xmlFileName" >> "$xmlFileNameIniKey.ini"
chmod 755 "$FileName"
chmod 755 "$FileNameIniKey.ini"
ftp -n hostname
quote USER ftp
quote PASS
put "$FileName"
quit
rm "$FileNameIniKey.ini"
fi
done
EOF
You can improve your questions and make them easier to answer and more useful for future readers by including a minimal, self-contained example. Here's an example:
#!/bin/bash
ftp -n mirrors.rit.edu
quote user anonymous
quote pass mypass
ls
When executed, you get a manual FTP session instead of a file listing:
$ ./myscript
Trying 2620:8d:8000:15:225:90ff:fefd:344c...
Connected to smoke.rc.rit.edu.
220 Welcome to mirrors.rit.edu.
ftp>
The problem is that you're assuming that a script is a series of strings that are automatically typed into a terminal. This is not true. It's a series of commands that are executed one after another.
Nothing happens with quote user anonymous until AFTER ftp has exited, and then it's run as a shell command instead of being written to the ftp command.
Instead, specify login credentials on the command line and then include commands in a here document:
ftp -n "ftp://anonymous:passwd#mirrors.rit.edu" << end
ls
end
This works as expected:
$ ./myscript
Trying 2620:8d:8000:15:225:90ff:fefd:344c...
Connected to smoke.rc.rit.edu.
220 Welcome to mirrors.rit.edu.
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Switching to Binary mode.
229 Entering Extended Passive Mode (|||19986|).
150 Here comes the directory listing.
drwxrwxr-x 12 3002 1000 4096 Jul 11 20:00 CPAN
drwxrwsr-x 10 0 1001 4096 Jul 11 21:08 CRAN
drwxr-xr-x 18 1003 1000 4096 Jul 11 18:02 CTAN
drwxrwxr-x 5 89987 546 4096 Jul 10 10:00 FreeBSD
ftp -n "ftp://anonymous:passwd#mirrors.rit.edu" << end
Name or service not known
I have a bash script, create-file.sh, that creates a file named a:
$ cat create-file.sh
# /bin/bash
touch a
When I run the script it creates a file 'a' with my user as owner.
$ ./create-file.sh
$ ls -l
-rw-r--r-- 1 shai wheel 0 Aug 16 17:19 a
However when I run the script under sudo the file is created with root as user:
$ sudo ./create-file.sh
$ ls -l
-rw-r--r-- 1 root wheel 0 Aug 16 17:19 a
Is there a way to tell a script that runs under sudo to create the file with my user as owner?
you would be correct to say that a script that touches a single file does not need to run under sudo. This example is of course a reduction of the original problem, my script has much more and does need to run under sudo, but I still want the files to be created with my user as owner.
sudo exports the original username as SUDO_USER; you can chown to that.
#!/bin/bash
touch a
[[ $SUDO_USER ]] && chown "$SUDO_USER" a
Similarly, if your sudo configuration allows (as is default) root to drop privileges to any other user without an explicit password prompt, you can take advantage of that:
#!/bin/bash
# drop privileges back to non-root user if we got here with sudo
depriv() {
if [[ $SUDO_USER ]]; then
sudo -u "$SUDO_USER" -- "$#"
else
"$#"
fi
}
depriv touch a
I have a gist that I always use to install the packages I need on a fresh server.
http://gist.github.com/4372049
All I need to do is to type the following in the fresh server via ssh
bash -c "$(curl -fsSL https://raw.github.com/gist/4372049)" <mysqlPassword>
I will be good to go.
Now I have this series of steps I always need to perform on a fresh installation of ubuntu.
first at root i did a
echo $SHELL
I saw that I have /bin/bash
then i switch to www-data
sudo su www-data
then i do a
echo $SHELL
I saw that I had
/bin/sh
instead.
So I did a
chsh -s /bin/bash
I was prompted for my www-data password so I gave it.
Password:
after that I switch back to root
exit
then i log back into www-data
sudo su www-data
I checked the $SHELL again
echo $SHELL
I saw that now it is
/bin/bash
listed here in https://askubuntu.com/a/232663/10591
Is there a way to write a bash script I can put up in gist.github.com to use in a similar way to execute?
if so, how do I write the bash script?
UPDATE:
I realized that I was given a vote to close this question because it was deemed too localized.
Let me rephrase this to
how do I write a bash script that I can put up in gist and use it in my linux console such that it can take in arguments for username and password and therefore execute the command
chsh -s /bin/bash
and supplying the password correctly?
This is my attempt: https://gist.github.com/simkimsia/5126919
the su worked, but not the chsh command
Update 2:
I have changed the script to be
EXPECTEDARGS=1
if [ $# -ne $EXPECTEDARGS -o "x$0" == "x" -o $0 == "bash" ]; then
echo "Usage:"
echo " Parameter 1: your username"
echo " Parameter 2: your password"
exit 1
fi
CHANGESHELL_FOR_USER=$0
PASSWORD_OF_USER=$1
########################################
## switch to another user
## read this https://stackoverflow.com/a/1988255/80353
########################################
sudo -u $CHANGESHELL_FOR_USER -H sh -c "chsh -s /bin/bash"
expect "*?assword:*" {send -- "$PASSWORD_OF_USER\r";}
expect eof
after reading how to use a shell script to supply a password when the interface asks for it
and
https://stackoverflow.com/a/1988255/80353
Now the problem is somehow sending the password when prompted for
Password:
As long as you are running the below command as root, you will be fine.
chsh -s /bin/bash <username>
in this case, it is
chsh -s /bin/bash www-data
See https://gist.github.com/simkimsia/4372049#file-installation-12-10-ubuntu-sh-L373