Escalate to glob a directory? - bash

On OS X, I'm writing a bash script to be run as a user, not root. Every so often I need to escalate to root to run certain commands.
In one section I'm trying to iterate over the contents of a directory owned by root with the permissions drwx------, which means I can't glob the contents of the directory as a normal user.
This doesn't work:
sudo for files in "/System/Library/User Template"/*
do
some command "$files"
done
What I would like to do is this:
for files in "/System/Library/User Template"/*
do
sudo some command "$files"
done
This is a new system bootstrap script, so I'd like to keep everything in one script and I definitely cannot run the whole thing as root. I'm wondering:
If there's a proper way to escalate to glob a directory in a for loop.
If I should change the permissions as root, run the code, change the permissions back.

I think you can only consider calling another script that's meant to run as root instead and use sudo with it.
Although maybe you can run bash reading commands from input:
sudo bash -s <<'EOD'
for files in "/System/Library/User Template"/*; do
some command "$files"
done
EOD

Related

assistance with postinstall script on Mac

New at this. I need to use a postinstall script to move a file and a folder to the user's Application Support folder on a Mac. For the file I only want to move it if the file doesn't already exist. I do not want to overwrite it if if does exist. Here is my script. It runs but nothing gets copied. I'm using the Packages app, btw, and this script is loaded into the postinstall script tab.
#!/bin/sh
if ! "/Library/Application Support/MyApp/MyApp user dict"; then
mv "$1/Contents/Resources/MyApp user dict" "/Library/Application Support/MyApp/.";
fi
mv "$1/Contents/Resources/Spellcheck Dictionary" "/Library/Application Support/MyApp/.";
exit 0
User-specific tasks generally do not belong in installer scripts -- remember that there may be multiple users on a machine, and that some of them may not be accessible when your installer is running. (For example, users may have encrypted home directories, or may not exist until after your installer is run.) If your application needs to copy files to the user's home directory, it should probably do this when it is first launched.
Nevertheless, I see several specific issues with this script:
Your script refers to $1 in several places. Are you sure that your script has an argument passed to it on the command line?
The correct syntax to test if a file does not exist is:
if [ ! -f "/path/to/file" ] ; then …
Your script is missing the square brackets and -f condition. (For details, see man test.)
Assuming that $1 is supposed to be the path to the current user's home directory, you have the arguments to mv backwards. The destination comes last, not first. (The syntax is essentially mv from to.)

Why I am not able to run executables from shell script

I have a shell script which calls for different executables from it.
The shell script and the executables are within same directory and I am trying to run it from there. Still, on running, I get the error, "executable" not found- No file/directory exists.
What should I do???
First, You need to provide permission to the File :
chmod +x filename
Then, execute the binary file by,
./filename
The current directory is typically not in your command path, for security reasons. You need to provide the path explicitly, that is
./mycommand
instead of
mycommand
(Keep in mind, though, that this will break if you run the script from a different directly. ./mycommand is relative to the directory you run from, not the directory where the script is stored.)

Why do my setuid root bash shell scripts not work?

I created this simple script to allow the user to remove files created by the web server in his home directory without giving him "su". Both scripts are set with "chmod 4750".
The craziest thing is that they DID work and now they don't. Here's the scripts:
#!/bin/bash
# Ask for directory to delete
echo "Enter the file or directory you would like to delete, the assumed path is /home/user"
read DIRECTORY
rm -rf /home/user/"$DIRECTORY"
echo "Deleting /home/user/$DIRECTORY ..."
exit 0
2:
#!/bin/bash
# Reset permissions
echo "Resetting the ownership of the contents of /home/user to user."
chown -R user /home/user
exit 0
I will make them a little more advanced and work for multiple users but right now I cannot even get the simple version to work. It works when run as root of course. It used to work when run as user 'user' but now it doesn't. I get this:
user#dev:/home/user$ delete.sh
Enter the file or directory you would like to delete, the assumed path is /home/user/[your input]
test-dir
rm: cannot remove ‘/home/user/test-dir/test-file’: Permission denied
Deleting /home/user/test-dir ...
and
chown: changing ownership of ‘/home/user/test-dir’: Operation not permitted
What can possibly be the problem?
-rwsr-x--- 1 root user 291 Nov 6 05:23 delete.sh
-rwsr-x--- 1 root user 177 Nov 6 05:45 perms.sh
There is a pretty comprehansive answer at https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts
Bottom line is that there are two main points against it:
A race condition between when the Kernel opens the file to find which interpreter it should execute and when the interpreter opens the file to read the script.
Shell scripts which execute many external programs without proper checks can be fooled into executing the wrong program (e.g. using malicious PATH), or expand variables in a broken way (e.g. having white space in variable values), and generally it has less control on how well the external programs it executes handle the input.
Historically, there was a famous bug in the original Bourne shell (at least on 4.2BSD, which is where I saw this in action) which allowed anyone to get interactive root shell by creating a symlink called -i to a suid shell script. That's possibly the original trigger for this being prohibited.
EDIT: To answer "How do I fix it" - configure sudo to allow users to execute only these scripts as user root, and perhaps use a trick like in https://stackoverflow.com/a/4598126/164137 to find the original user's name and force operation on their own home directory, instead of letting them pass in any arbitrary input (i.e. in their current state, nothing in the scripts you include in your question prevents user1 from executing the scripts and passing them users2's directory, or any directory for that matter)

Running an executable by calling it in a .sh file

I am very new to bash and using .sh files. I am trying to run the program aescrypt by calling it in a .sh file as follows (aescrypt is in the same directory as the .sh file) :
./aescrypt -e -p password file.txt
It throws the following error:
./aescrypt no such file or directory
Am I doing it wrong?
ps- I realy don't want to add it to the PATH variable as I will be using this on more than one computer that resets every day.
The location of the script is irrelevant. The thing that matters is the working directory of the process executing the script. The simplest solution really is to add aescrypt to a standard location like /bin or /usr/bin. If neither of those is acceptable, perhaps /usr/local/bin is an option. Otherwise, just use the full path of aescrypt in your script. Either hard code it, or if it is in the same directory as the script, try:
$(dirname $0)/aescrypt ...
(Note that hardcoding is more reliable, but less flexible. If you move the executable, the script will break. But using dirname will break if the script changes directory during execution.)
how about if you call the program like ./aescrypt.sh, thats the way to call an .sh programm througt the terminal
First off all, you have also to change the permissions of the file to make it executable, the way to make that is to write in the terminal, the command:
sudo chmod 765 aescrypt.sh
For that you have to be located where the file is

Cd in shell script not working

First off I am very very new to shell scripting. I am trying to write a script that takes in one parameter and then copies a folder in a different directory naming it using the parameter. This is the current code that I have:
#!/bin/sh
cd /var/www/html/fbplugin/chrome
sudo mkdir temp/$1
sudo cp -rf "/var/www/html/fbplugin/chrome/fbplugin" "/var/www/html/fbplugin/chrome/temp/$1"
When I run this code it says can't cd to /var/www/html/fbplugin/chrome. I'm not sure why it is saying this because I know the directory exists. I have copied the line directly and it works in terminal. If anyone could help me out that would be great.
If it matters in order to run the script I am typing "sh build.sh"
If that directory really exists, then you must have executed that script with a different user (cron, webserver, etc).
Check the rights for that directory.
I don't know why you're getting the error about cd, but it looks like you could just use absolute paths throughout. That would solve the larger problem of the script working correctly.

Resources