I'm working with the edx open source code base and I'm putting together a dotfile to make it easier to perform various tasks on the server.
I'm having trouble with the following bash function
edx-compile_assets() {
sudo -H -u edxapp bash
source /edx/app/edxapp/edxapp_env
cd /edx/app/edxapp/edx-platform
paver update_assets cms --settings=aws
paver update_assets lms --settings=aws
}
When sudo -H -u edxapp bash is run, the function halts and nothing happens, when I exit from that env, then the remaining functions execute not as the edxapp user, but as a normal user, which causes the commands to fail.
So basically, it looks like sudo -H -u edxapp bash starts a separate process, and when that process ends, the remainder of the function executes
I guess what I'm looking for is a simple way to run commands as the edxapp user which is activated with sudo -H -u edxapp bash
Any help is appreciated, thanks :)
IIRC, bash takes a-c option, allowing you to invoke bash and immediately execute a command/script. So I'd put the extra statements (source, cd, paver ...) into a script and add -c myRemainingScript.sh at the end of your sudo line.
Related
I have a bash script that partially needs to be running with default user rights, but there are some parts that involve using sudo (like copying stuff into system folders) I could just run the script with sudo ./script.sh, but that messes up all file access rights, if it involves creating or modifying files in the script.
So, how can I run script using sudo for some commands? Is it possible to ask for sudo password in the beginning (when the script just starts) but still run some lines of the script as a current user?
You could add this to the top of your script:
while ! echo "$PW" | sudo -S -v > /dev/null 2>&1; do
read -s -p "password: " PW
echo
done
That ensures the sudo credentials are cached for 5 minutes. Then you could run the commands that need sudo, and just those, with sudo in front.
Edit: Incorporating mklement0's suggestion from the comments, you can shorten this to:
sudo -v || exit
The original version, which I adapted from a Python snippet I have, might be useful if you want more control over the prompt or the retry logic/limit, but this shorter one is probably what works well for most cases.
Each line of your script is a command line. So, for the lines you want, you can simply put sudo in front of those lines of your script. For example:
#!/bin/sh
ls *.h
sudo cp *.h /usr/include/
echo "done" >>log
Obviously I'm just making stuff up. But, this shows that you can use sudo selectively as part of your script.
Just like using sudo interactively, you will be prompted for your user password if you haven't done so recently.
I have a php page.
It calls a validation bash script that checks variables passed from the php page.
I then call another bash script that I need to execute under root user. I have followed the guide here How to run from PHP a bash script under root user and still can not get script to execute as root.
I have the following:
php page
$bashFile = shell_exec('./Validation.sh "'.$coinName.'" "'.$coinNameAbreviation.'" "'.$blockReward.'" "'.$blockSpacing.'" "'.$targetTimespan.'" "'.$totalCoins.'" "'.$firstBitAddy.'" "'.$seedNode.'" "'.$seedName.'" "'.$headline.'" ');
echo "<pre>$bashFile</pre>";
the validation file:
sudo nohup /bin/bash /usr/sbin/CoinCreationBashFile "$coinName" "$coinNameAbreviation" "$blockReward" "$blockSpacing" "$targetTimespan" "$totalCoins" "$firstAddyBit" "$seedNode" "$nameSeedNode" "$headline" "$blocksPerDay" "$startingDifficulty" >> /tmp/BASH2log.txt 2>&1 &
I have added
www-data ALL=NOPASSWD /usr/sbin/CoinCreationBashFile
to the end of the sudo visudo
and did:
chown root:root /usr/sbin/CoinCreationBashFile
chmod 755 /usr/sbin/CoinCreationBashFile
was running it from usr/sbin from suggestion here http://ubuntuforums.org/showthread.php?t=1848069
Can anyone see what I am doing wrong?? Many thanks
edit: I can run the CoinCreationBashFile script without the sudo command and it runs ok up to one point where it needs root priv... so i know the script working, and executing from the terminal the script runs perfectly as desired. output in tmp/BASH2log.txt
sudo: no tty present and noaskpass program specified
This question is similar to sudo in php exec() and they did not arrive at a conclusion.
In your case, since only one bash script needs to be executed in this fashion, considering using setuid instead:
$ su
[enter password]
chown root:root something.sh
chmod 4755 something.sh
exit
Note: Some Linux distributions disable setuid for shell scripts by default for security reasons.
Update: Apparently no commonly used Linux distribution today allows setuid on shell scripts. Perl used to be the exception, but suid-perl is now deprecated.
The only way to execute your bash script using this method is to invoke it from a compiled binary. See the example with the C code on how to do this.
I recently published a project that allows PHP to obtain and interact with a real Bash shell, you can easily get a shell with root. Get it here: https://github.com/merlinthemagic/MTS
After downloading you would simply use the following code:
$shell = \MTS\Factories::getDevices()->getLocalHost()->getShell('bash', true);
$strCmd = "/usr/sbin/CoinCreationBashFile ".$coinName." ".$coinNameAbreviation." ".$blockReward." ".$blockSpacing." ".$targetTimespan." ".$totalCoins." ".$firstAddyBit." ".$seedNode." ".$nameSeedNode." ".$headline." ".$blocksPerDay." ".$startingDifficulty." >> /tmp/BASH2log.txt 2>&1 &";
$return1 = $shell->exeCmd($strCmd);
//if there is any return from the script you can wait for the return
//or you can trigger like you have it now and get no return.
You have a typo in visudo entry. There is no R in the NOPASSWD. It should be:
www-data ALL=NOPASSWD /usr/sbin/CoinCreationBashFile
If I am in the middle running a bash script, is there any way to switch over to root user, process a command, and then exit root mode? For example, I'd like to include these commands in the middle of a bash script:
sudo su
umount /home/user/myMount
exit
The problem is that after the first line runs, the shell goes into root mode, but then stops execution. Of course, I could create and execute a second script at this point, but this defeats the purpose of scripting since I could just type the commands myself.
The other obvious idea is to run the script from with the root user at the outset. However, some of the other commands in this script fail if I am the root user since they would expose security vulnerabilities with this much access.
So, I need a way to get into the root and then exit out of it.
Thanks.
Specify a Command
The sudo command can take a command and optional arguments. For example:
sudo umount /home/user/myMount
This will run only the specified command and its arguments as root. If you want to run the command as another user, you can use the -u flag. For example, to run umount as Fred, you could use:
sudo -u fred umount /home/user/myMount
While there are certainly other ways to address this issue, this is by far the simplest and most common.
In order to perform the umount as root, use
sudo umount /home/user/myMount
I have a simple shell script that is run with sudo as most of the script requires it, yet one of the commands in the script is a Homebrew install, which cannot be executed with sudo..
So, my question is when executing a shell script with sudo how do I execute sub commands as the current user and then continue the remainder of the script with sudo.
Prompting the user to enter his password again is not really practical as the script takes really long to execute and would require waiting 5-10 min for the prompt.
The easiest way is to run the subcommand via sudo from within the script. The user id to run with can be obtained by $SUDO_USER (look at the output of sudo env):
sudo -u $SUDO_USER ./exec_as_normal_user.sh
Instantiate the shell using
sudo -u $USER_NAME bash
and execute the shell script by calling,
./program.sh
I have a shell script which needs non-root user account to run certain commands and then change the user to root to run the rest of the script. I am using SUSE11.
I have used expect to automate the password prompt. But when I use
spawn su -
and the command gets executed, the prompt comes back with root and the rest of the script does not execute.
Eg.
< non-root commands>
spawn su -
<root commands>
But after su - the prompt returns back with user as root.
How to execute the remaining of the script.
The sudo -S option does not help as it does not run sudo -S ifconfig command which I need to find the IP address of the machine.
I have already gone through these links but could not find a solution:
Change script directory to user's homedir in a shell script
Changing unix user in a shell script
sudo will work here but you need to change your script a little bit:
$ cat 1.sh
id
sudo -s <<EOF
echo Now i am root
id
echo "yes!"
EOF
$ bash 1.sh
uid=1000(igor) gid=1000(igor) groups=1000(igor),29(audio),44(video),124(fuse)
Now i am root
uid=0(root) gid=0(root) groups=0(root)
yes!
You need to run your command in <<EOF block and give the block to sudo.
If you want, you can use su, of course. But you need to run it using expect/pexpect that will enter password for you.
But even in case you could manage to enter the password automatically (or switch it off) this construction would not work:
user-command
su
root-command
In this case root-command will be executed with user, not with root privileges, because it will be executed after su will be finished (su opens a new shell, not changes uid of the current shell). You can use the same trick here of course:
su -c 'sh -s' <<EOF
# list of root commands
EOF
But now you have the same as with sudo.
There is an easy way to do it without a second script. Just put this at the start of your file:
if [ "$(whoami)" != "root" ]
then
sudo su -s "$0"
exit
fi
Then it will automatically run itself as root. Of course, this assumes that you can sudo su without having to provide a password - but that's out of scope of this answer; see one of the other questions about using sudo in shell scripts for how to do that.
Short version: create a block to enclose all commands to be run as root.
For example, I created a script to run a command from a root subdirectory, the segment goes like this:
sudo su - <<EOF
cd rootSubFolder/subfolder
./commandtoRun
EOF
Also, note that if you are changing to "root" user inside a shell script like below one, few Linux utilities like awk for data extraction or defining even a simple shell variable etc will behave weirdly.
To resolve this simply quote the whole document by using <<'EOF' in place of EOF.
sudo -i <<'EOF'
ls
echo "I am root now"
EOF
The easiest way to do that would be to create a least two scripts.
The first one should call the second one with root privileges. So every command you execute in the second script would be executed as root.
For example:
runasroot.sh
sudo su-c'./scriptname.sh'
scriptname.sh
apt-get install mysql-server-5.5
or whatever you need.