What's the equivalent of sudo in msys? - windows

I'm writing a cross-platform shell script that's supposed to work on Unix, Cygwin, and msys. In my shell script I need to perform actions with elevated privileges. On Unix you would do this via sudo, and on Cygwin via something like cygstart --action=runas. What's the equivalent for msys?
All my Googling so far has only turned up this, which isn't practical from a shell script since you have to interact with the GUI.

Elevate does a decent job at this, though it's not entirely sudo-equivalent.

I think I may have found a solution using PowerShell:
escape()
{
RESULT="$1"
RESULT="${RESULT/\'/\\\'\'}" # replace ' with \''
RESULT="${RESULT/\"/\\\\\\\"}" # replace " with \\\"
echo "''$RESULT''" # PowerShell uses '' to escape '
}
sudo()
{
ESCAPED=()
for ARG in "$#"
do
ESCAPED+=($(escape "$ARG"))
done
SHELL_PATH=$(cygpath -w $SHELL)
PS_COMMAND="[Console]::In.ReadToEnd() | Start-Process '$SHELL_PATH' '-c -- \"${ESCAPED[*]}\"' -Verb RunAs"
cat /dev/stdin | powershell -NoProfile -ExecutionPolicy Bypass "$PS_COMMAND"
}
Definitely a bit Extremely hackish, but it's better than nothing. (Or Batch files, for that matter.)

Related

How to run bash commands from pwsh?

We have a powershell script which is 99% cross-platform but occasionally we need an IF LINUX THEN branch because of how different windows and linux service management is.
We would like to run the kill command from bash but this is an alias of the powershell Stop-Process.
How do we run native bash commands like ps, kill and ls from Powershell.
Note sh ps or bash ps do not work.
PS > bash ps
/usr/bin/ps: /usr/bin/ps: cannot execute binary file
Assuming that running bash runs bash from pwsh, you would want bash -c "ps". Normally the argument to bash would be a script that it tries to execute, hence the error "cannot exxecute binary file". ps is not a bash script, but an executable binary. The -c on the other hand runs arbitrary bash code provided as a command line argument, which can obviously run programs like ps.
If you know the location of the command you can just run it:
/usr/bin/kill
Usage:
kill [options] <pid|name]...
...
Otherwise which can find it and run it with Invoke-Expression or iex:
which kill | iex
This can get tricky since which could return multiple lines which you then would have to guess and just take the first one. You also need to somehow add parameters (e.g. 123) to your command:
which kill | select -first 1 | % {iex "$_ 123"}
kill: sending signal to 123 failed: No such process
Had lots of trouble running ant -version from pwsh but this works:
Invoke-Expression "/bin/bash ant -version"
Cross-Platform Function
function RunCommand($Command) {
if($env:OS -eq 'Windows_NT') {
CMD /c $Command
} else {
Invoke-Expression "/bin/bash $Command"
}
}

How to open another PowerShell console from a PowerShell script

In OSX, I open a bash terminal and enter a PowerShell console.
In my PowerShell script, I would like to open another PowerShell console and execute a PowerShell script there.
Under Windows, I would do
Invoke-Expression ('cmd /c start powershell -Command test.ps1')
How could I do the samething in OSX?
To start a PowerShell instance in a new terminal window on macOS:
Without being able to pass arguments to it:
PS> open -a Terminal $PSHOME/powershell
If you want to run a given command:
Unfortunately, quite a bit more work is needed if you want to pass a command to run in the new PowerShell instance:
In essence, you need to place your command in a temporary, self-deleting, executable shell script that is invoked via a shebang line:
Note: Be sure to run at least PowerShell Core v6.0.0-beta.6 for this to work.
Function Start-InNewWindowMacOS {
param(
[Parameter(Mandatory)] [ScriptBlock] $ScriptBlock,
[Switch] $NoProfile,
[Switch] $NoExit
)
# Construct the shebang line
$shebangLine = '#!/usr/bin/env powershell'
# Add options, if specified:
# As an aside: Fundamentally, this wouldn't work on Linux, where
# the shebang line only supports *1* argument, which is `powershell` in this case.
if ($NoExit) { $shebangLine += ' -NoExit' }
if ($NoProfile) { $shebangLine += ' -NoProfile' }
# Create a temporary script file
$tmpScript = New-TemporaryFile
# Add the shebang line, the self-deletion code, and the script-block code.
# Note:
# * The self-deletion code assumes that the script was read *as a whole*
# on execution, which assumes that it is reasonably small.
# Ideally, the self-deletion code would use
# 'Remove-Item -LiteralPath $PSCommandPath`, but,
# as of PowerShell Core v6.0.0-beta.6, this doesn't work due to a bug
# - see https://github.com/PowerShell/PowerShell/issues/4217
# * UTF8 encoding is desired, but -Encoding utf8, regrettably, creates
# a file with BOM. For now, use ASCII.
# Once v6 is released, BOM-less UTF8 will be the *default*, in which
# case you'll be able to use `> $tmpScript` instead.
$shebangLine, "Remove-Item -LiteralPath '$tmpScript'", $ScriptBlock.ToString() |
Set-Content -Encoding Ascii -LiteralPath $tmpScript
# Make the script file executable.
chmod +x $tmpScript
# Invoke it in a new terminal window via `open -a Terminal`
# Note that `open` is a macOS-specific utility.
open -a Terminal -- $tmpScript
}
With this function defined, you can invoke PowerShell with a given command - specified as a script block - as follows:
# Sample invocation
Start-InNewWindowMacOS -NoExit { Get-Date }
I don't know anything about powershell on mac, if that even exists but to open a gui application like a terminal on Mac OS X you can use the open command:
open -a /Applications/Utilities/Terminal.app "" would be a new blank window
open -a /Applications/Utilities/Terminal.app somescrip.sh would be to run a script
or you can make an apple script and run that
save the following in a file (~/OpenNewTerminal.scp):
tell application "Terminal"
do script " "
activate
end tell
then you can run it with osascript
osascript ~/OpenNewTerminal.scp
of course the more bash idiomatic way would be to run in a subshell or in the background
subshell:
output=$(ls)
echo $output
background:
./command &
background with redirected output so it doesn't bleed into your current shell:
./command 2>&1 > /dev/null

How can I open shell and then execute a command inside it

What I want is to open default shell, then call another and execute a command there.
Was trying something like this:
c:/Windows/System32/bash.exe -c "zsh & zstyle"
or
cmd /k "c:/Windows/System32/bash.exe -c zsh" & zstyle - this open shell but doesn't run a commands
or
c:/Windows/System32/bash.exe -c "zsh -c 'zstyle'"
Currently I am using a cmder/conemu terminal for windows.
Unfortunately, passing a startup to command to zsh with -c and keeping it open for interactive use (with -i) doesn't work.
Disclaimer: The following solutions were tested from a regular Command Prompt (cmd.exe), not cmder/conemu, though I'd expect them to work there too.
To try them from PowerShell (v3+), insert --% as the first argument after (right after bash.exe).
Here's a workaround:
c:/Windows/System32/bash.exe -c "zsh -c 'zstyle' && exec zsh -i"
Note that command zstyle is executed in a different, transient zsh instance, so this approach won't work for commands whose purpose is to modify the environment of the interactive shell that stays open.
If that is a requirement, things get more complicated (this solution courtesy of this answer):
c:/Windows/System32/bash.exe -c "{ { echo 'zstyle'; echo 'exec 0<&3-';} | zsh -i; } 3<&0"
Note, however, that both commands being executed will be printed before their output, if any, is shown, preceded by the prompt - as if the commands had been typed interactively.

Running a delayed command with 'sudo'

I want run a Bash script as root, but delayed. How can I achieve this?
sudo "sleep 3600; command" , or
sudo (sleep 3600; command)
does not work.
You can use at:
sudo at next hour
And then you have to enter the command and close the file with Ctrl+D. Alternatively you can specify commands to be run in a file:
sudo at -f commands next hour
If you really must avoid using cron:
sudo sh -c "(sleep 3600; command)&"
The simplest answer is:
sudo bash -c 'sleep 3600; command' &
Because sleep is a shell command and not an executable, and the semicolon is a shell “operator” too, it is a shell script, and hence needs to run in a shell. bash -c tells sudo to run bash and pass it a script to execute as a string.
Of course this will “hang” until command has actually finished running, or be killed if you exit the surrounding shell. I haven’t found a simple way to use nohup to prevent that here, and at that point, you’re basically reimplementing the at command anyway. I have found the above solution useful in many simple cases though. ;)
For anything more complex… of course you can always make a real shell script file, with a shebang (#! …) at the start, and run that. But I assume the whole point is that you wanted to avoid this for something that simple.
You could theoretically pass a string as a file using Bash’s … <( … ) syntax, but sudo expects it to be a real file, and marked as executable too, so that won’t work.
Use:
sleep 3600; sudo <command>
Anyway, I would consider using cron in your case…

Root user/sudo equivalent in Cygwin?

I'm trying to run a bash script in Cygwin.
I get Must run as root, i.e. sudo ./scriptname errors.
chmod 777 scriptname does nothing to help.
I've looked for ways to imitate sudo on Cygwin, to add a root user, since calling "su" renders the error su: user root does not exist, anything useful, and have found nothing.
Anyone have any suggestions?
I answered this question on SuperUser but only after the OP disregarded the unhelpful answer that was at the time the only answer to the question.
Here is the proper way to elevate permissions in Cygwin, copied from my own answer on SuperUser:
I found the answer on the Cygwin mailing list. To run command with elevated privileges in Cygwin, precede the command with cygstart --action=runas like this:
$ cygstart --action=runas command
This will open a Windows dialogue box asking for the Admin password and run the command if the proper password is entered.
This is easily scripted, so long as ~/bin is in your path. Create a file ~/bin/sudo with the following content:
#!/usr/bin/bash
cygstart --action=runas "$#"
Now make the file executable:
$ chmod +x ~/bin/sudo
Now you can run commands with real elevated privileges:
$ sudo elevatedCommand
You may need to add ~/bin to your path. You can run the following command on the Cygwin CLI, or add it to ~/.bashrc:
$ PATH=$HOME/bin:$PATH
Tested on 64-bit Windows 8.
You could also instead of above steps add an alias for this command to ~/.bashrc:
# alias to simulate sudo
alias sudo='cygstart --action=runas'
You probably need to run the cygwin shell as Administrator. You can right click the shortcut and click run as administrator or go into the properties of the shortcut and check it in the compatability section. Just beware.... root permissions can be dangerous.
Building on dotancohen's answer I'm using an alias:
alias sudo="cygstart --action=runas"
Works as a charm:
sudo chown User:Group <file>
And if you have SysInternals installed you can even start a command shell as the system user very easily
sudo psexec -i -s -d cmd
I found sudo-for-cygwin, maybe this would work, it is a client/server application that uses a python script to spawn a child process in windows (pty) and bridges user's tty and the process I/O.
It requires python in windows and Python modules greenlet, and eventlet in Cygwin.
It seems that cygstart/runas does not properly handle "$#" and thus commands that have arguments containing spaces (and perhaps other shell meta-characters -- I didn't check) will not work correctly.
I decided to just write a small sudo script that works by writing a temporary script that does the parameters correctly.
#! /bin/bash
# If already admin, just run the command in-line.
# This works on my Win10 machine; dunno about others.
if id -G | grep -q ' 544 '; then
"$#"
exit $?
fi
# cygstart/runas doesn't handle arguments with spaces correctly so create
# a script that will do so properly.
tmpfile=$(mktemp /tmp/sudo.XXXXXX)
echo "#! /bin/bash" >>$tmpfile
echo "export PATH=\"$PATH\"" >>$tmpfile
echo "$1 \\" >>$tmpfile
shift
for arg in "$#"; do
qarg=`echo "$arg" | sed -e "s/'/'\\\\\''/g"`
echo " '$qarg' \\" >>$tmpfile
done
echo >>$tmpfile
# cygstart opens a new window which vanishes as soon as the command is complete.
# Give the user a chance to see the output.
echo "echo -ne '\n$0: press <enter> to close window... '" >>$tmpfile
echo "read enter" >>$tmpfile
# Clean up after ourselves.
echo "rm -f $tmpfile" >>$tmpfile
# Do it as Administrator.
cygstart --action=runas /bin/bash $tmpfile
Or install syswin package, which includes a port of su for cygwin: http://sourceforge.net/p/manufacture/wiki/syswin-su/
This answer is based off of another answer. First of all, make sure your account is in the Administrators group.
Next, create a generic "runas-admin.bat" file with the following content:
#if (1==1) #if(1==0) #ELSE
#echo off&SETLOCAL ENABLEEXTENSIONS
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"||(
cscript //E:JScript //nologo "%~f0" %*
#goto :EOF
)
FOR %%A IN (%*) DO (
"%%A"
)
#goto :EOF
#end #ELSE
args = WScript.Arguments;
newargs = "";
for (var i = 0; i < args.length; i++) {
newargs += "\"" + args(i) + "\" ";
}
ShA=new ActiveXObject("Shell.Application");
ShA.ShellExecute("cmd.exe","/c \""+WScript.ScriptFullName+" "+newargs+"\"","","runas",5);
#end
Then execute the batch file like this:
./runas-admin.bat "<command1> [parm1, parm2, ...]" "<command2> [parm1, parm2, ...]"
For exaxmple:
./runas-admin.bat "net localgroup newgroup1 /add" "net localgroup newgroup2 /add"
Just make sure to enclose each separate command in double quotes. You will only get the UAC prompt once using this method and this procedure has been generalized so you could use any kind of command.
A new proposal to enhance SUDO for CygWin from GitHub in this thread, named TOUACExt:
Automatically opens sudoserver.py.
Automatically closes sudoserver.py after timeout (15 minutes default).
Request UAC elevation prompt Yes/No style for admin users.
Request Admin user/password for non-admin users.
Works remotely (SSH) with admin accounts.
Creates log.
Still in Pre-Beta, but seems to be working.
I landed here through google, and I actually believe I've found a way to gain a fully functioning root promt in cygwin.
Here are my steps.
First you need to rename the Windows Administrator account to "root"
Do this by opening start manu and typing "gpedit.msc"
Edit the entry under
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Accounts: Rename administrator account
Then you'll have to enable the account if it isn't yet enabled.
Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Accounts: Administrator account status
Now log out and log into the root account.
Now set an environment variable for cygwin. To do that the easy way:
Right Click My Computer > Properties
Click (on the left sidebar) "Advanced system settings"
Near the bottom click the "Enviroment Variables" button
Under "System Variables" click the "New..." button
For the name put "cygwin" without the quotes.
For the value, enter in your cygwin root directory. ( Mine was C:\cygwin )
Press OK and close all of that to get back to the desktop.
Open a Cygwin terminal (cygwin.bat)
Edit the file /etc/passwd
and change the line
Administrator:unused:500:503:U-MACHINE\Administrator,S-1-5-21-12345678-1234567890-1234567890-500:/home/Administrator:/bin/bash
To this (your numbers, and machine name will be different, just make sure you change the highlighted numbers to 0!)
root:unused:0:0:U-MACHINE\root,S-1-5-21-12345678-1234567890-1234567890-0:/root:/bin/bash
Now that all that is finished, this next bit will make the "su" command work. (Not perfectly, but it will function enough to use. I don't think scripts will function correctly, but hey, you got this far, maybe you can find the way. And please share)
Run this command in cygwin to finalize the deal.
mv /bin/su.exe /bin/_su.exe_backup
cat > /bin/su.bat << "EOF"
#ECHO OFF
RUNAS /savecred /user:root %cygwin%\cygwin.bat
EOF
ln -s /bin/su.bat /bin/su
echo ''
echo 'All finished'
Log out of the root account and back into your normal windows user account.
After all of that, run the new "su.bat" manually by double clicking it in explorer. Enter in your password and go ahead and close the window.
Now try running the su command from cygwin and see if everything worked out alright.
Being unhappy with the available solution, I adopted nu774's script to add security and make it easier to setup and use. The project is available on Github
To use it, just download cygwin-sudo.py and run it via python3 cygwin-sudo.py **yourcommand**.
You can set up an alias for convenience:
alias sudo="python3 /path-to-cygwin-sudo/cygwin-sudo.py"
Use this to get an admin window with either bash or cmd running, from any directories context menue. Just right click on a directory name, and select the entry or hit the highlited button.
This is based on the chere tool and the unfortunately not working answer (for me) from link_boy. It works fine for me using Windows 8,
A side effect is the different color in the admin cmd window. To use this on bash, you can change the .bashrc file of the admin user.
I coudln't get the "background" version (right click into an open directory) to run. Feel free to add it.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash]
#="&Bash Prompt Here"
"Icon"="C:\\cygwin\\Cygwin.ico"
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash\command]
#="C:\\cygwin\\bin\\bash -c \"/bin/xhere /bin/bash.exe '%L'\""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash_root]
#="&Root Bash Prompt Here"
"Icon"="C:\\cygwin\\Cygwin.ico"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash_root\command]
#="runas /savecred /user:administrator \"C:\\cygwin\\bin\\bash -c \\\"/bin/xhere /bin/bash.exe '%L'\\\"\""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd]
#="&Command Prompt Here"
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd\command]
#="cmd.exe /k cd %L"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd_root]
#="Roo&t Command Prompt Here"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_cmd_root\command]
#="runas /savecred /user:administrator \"cmd.exe /t:1E /k cd %L\""
A very simple way to have a cygwin shell and corresponding subshells to operate with administrator privileges is to change the properties of the link which opens the initial shell.
The following is valid for Windows 7+ (perhaps for previous versions too, but I've not checked)
I usually start the cygwin shell from a cygwin-link in the start button (or desktop).
Then, I changed the properties of the cygwin-link in the tabs
/Compatibility/Privilege Level/
and checked the box,
"Run this program as an administrator"
This allows the cygwin shell to open with administrator privileges and the corresponding subshells too.
I met this discussion looking for some details on the sudo implementation in different operating systems. Reading it I found that the solution by #brian-white (https://stackoverflow.com/a/42956057/3627676) is useful but can be improved slightly. I avoided creating the temporary file and implemented to execute everything by the single script.
Also I investigated the next step of the improvement to output within the single window/console. Unfortunately, without any success. I tried to use named pipes to capture STDOUT/STDERR and print in the main window. But child process didn't write to named pipes. However writing to a regular file works well.
I dropped any attempts to find the root cause and left the current solution as is. Hope my post can be useful as well.
Improvements:
no temporary file
no parsing and reconstructing the command line options
wait the elevated command
use mintty or bash, if the first one not found
return the command exit code
#!/bin/bash
# Being Administrators, invoke the command directly
id -G | grep -qw 544 && {
"$#"
exit $?
}
# The CYG_SUDO variable is used to control the command invocation
[ -z "$CYG_SUDO" ] && {
mintty="$( which mintty 2>/dev/null )"
export CYG_SUDO="$$"
cygstart --wait --action=runas $mintty /bin/bash "$0" "$#"
exit $?
}
# Now we are able to:
# -- launch the command
# -- display the message
# -- return the exit code
"$#"
RETVAL=$?
echo "$0: Press to close window..."
read
exit $RETVAL
Based on #mat-khor's answer, I took the syswin su.exe, saved it as manufacture-syswin-su.exe, and wrote this wrapper script. It handles redirection of the command's stdout and stderr, so it can be used in a pipe, etc. Also, the script exits with the status of the given command.
Limitations:
The syswin-su options are currently hardcoded to use the current user. Prepending env USERNAME=... to the script invocation overrides it. If other options were needed, the script would have to distinguish between syswin-su and command arguments, e.g. splitting at the first --.
If the UAC prompt is cancelled or declined, the script hangs.
.
#!/bin/bash
set -e
# join command $# into a single string with quoting (required for syswin-su)
cmd=$( ( set -x; set -- "$#"; ) 2>&1 | perl -nle 'print $1 if /\bset -- (.*)/' )
tmpDir=$(mktemp -t -d -- "$(basename "$0")_$(date '+%Y%m%dT%H%M%S')_XXX")
mkfifo -- "$tmpDir/out"
mkfifo -- "$tmpDir/err"
cat >> "$tmpDir/script" <<-SCRIPT
#!/bin/env bash
$cmd > '$tmpDir/out' 2> '$tmpDir/err'
echo \$? > '$tmpDir/status'
SCRIPT
chmod 700 -- "$tmpDir/script"
manufacture-syswin-su -s bash -u "$USERNAME" -m -c "cygstart --showminimized bash -c '$tmpDir/script'" > /dev/null &
cat -- "$tmpDir/err" >&2 &
cat -- "$tmpDir/out"
wait $!
exit $(<"$tmpDir/status")
Can't fully test this myself, I don't have a suitable script to try it out on, and I'm no Linux expert, but you might be able to hack something close enough.
I've tried these steps out, and they 'seem' to work, but don't know if it will suffice for your needs.
To get round the lack of a 'root' user:
Create a user on the LOCAL windows machine called 'root', make it a member of the 'Administrators' group
Mark the bin/bash.exe as 'Run as administrator' for all users (obviously you will have to turn this on/off as and when you need it)
Hold down the left shift button in windows explorer while right clicking on the Cygwin.bat file
Select 'Run as a different user'
Enter .\root as the username and then your password.
This then runs you as a user called 'root' in cygwin, which coupled with the 'Run as administrator' on the bash.exe file might be enough.
However you still need a sudo.
I faked this (and someone else with more linux knowledge can probably fake it better) by creating a file called 'sudo' in /bin and using this command line to send the command to su instead:
su -c "$*"
The command line 'sudo vim' and others seem to work ok for me, so you might want to try it out.
Be interested to know if this works for your needs or not.
What I usually do is have a registry "Open Here" helper in order to open a cygwin shell with administrative privileges quite easy from anywhere in my computer.
Be aware you have to have the cygwin "chere" package installed, use "chere -i -m" from an elevated cygwin shell first.
Assuming your cygwin installation is in C:\cygwin...
Here's the registry code:
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash]
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash]
#="Open Cygwin Here as Root"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\shell\cygwin_bash\command]
#="c:\\cygwin\\bin\\mintty.exe -i /Cygwin-Terminal.ico -e /bin/xhere /bin/bash.exe"
[-HKEY_CLASSES_ROOT\Directory\Background\shell\cygwin_bash]
[HKEY_CLASSES_ROOT\Directory\Background\shell\cygwin_bash]
#="Open Cygwin Here as Root"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Directory\Background\shell\cygwin_bash\command]
#="c:\\cygwin\\bin\\mintty.exe -i /Cygwin-Terminal.ico -e /bin/xhere /bin/bash.exe"
[-HKEY_CLASSES_ROOT\Drive\shell\cygwin_bash]
[HKEY_CLASSES_ROOT\Drive\shell\cygwin_bash]
#="Open Cygwin Here as Root"
"HasLUAShield"=""
[HKEY_CLASSES_ROOT\Drive\shell\cygwin_bash\command]
#="c:\\cygwin\\bin\\mintty.exe -i /Cygwin-Terminal.ico -e /bin/xhere /bin/bash.exe"
Hope this helps. Let me know if it works for you. Thanks.
PS: You can grab this code, copy and paste it and save it in a name.reg file to run it... or you can manually add the values.
Just simplifying the accepted answer, copy past the below in a Cygwin terminal and you are done:
cat <<EOF >> /bin/sudo
#!/usr/bin/bash
cygstart --action=runas "\$#"
EOF
chmod +x /bin/sudo
Try:
chmod -R ug+rwx <dir>
where <dir> is the directory on which you
want to change permissions.

Resources