when there is pipe, how to deal with permission with sudo - shell

if the command is with a pipe, how to deal with permission problem with sudo
the following command
sudo -u liy echo "update moz_cookies set value='f1=40000000&f3=40000&fv=11.2.202' where name='PREF' and host='.youtube.com';"|sqlite3 /user/liy/home/.mozilla/firefox/dd1pkryp.default/cookies.sqlite
leads to problem:
cannot open directory /user/liy/home/.mozilla/firefox/: Permission denied
how to deal with this? thanks

Put the sudo on the command doing the modifying:
echo 'some SQL' | sudo sqlite3 /some/database.db
You might even consider using a heredoc:
sudo sqlite3 /some/database.db <<ENDOFSQL
-- SQL here; you can even use multiple lines!
ENDOFSQL

Related

Unix script can't alter postgres hba.conf configuration file on Ubuntu

I'm attempting to setup postgres 9.6 on ubuntu/vagrant through a provisioning script. Part of my script adds a line to pg_hba.conf with the following command:
sudo -u postgres echo "host all all all md5" >> /etc/postgresql/9.6/main/pg_hba.conf
However, this gives me the error -bash: /etc/postgresql/9.6/main/pg_hba.conf: Permission denied
Which is strange because I am allowed to edit the file with either sudo nano or sudo -u postgres nano.
Here are the permissions on the file:
-rw-r----- 1 postgres postgres 4641 Apr 6 16:11 pg_hba.conf
How can I add this line to my configuration file in a script?
The problem here is that redirection happens before command execution. So the redirection doesn't have the elevated privileges you expected it to.
There's more than one way around that problem. I generally use something like this.
echo "host..." | sudo tee -a /etc/postgresql/9.6/main/pg_hba.conf
Piping to sudo tee... avoids problems with quoting.
How bash executes commands
Redirections

Use sudo to change file in root directory [duplicate]

This question already has answers here:
How do I use sudo to redirect output to a location I don't have permission to write to? [closed]
(15 answers)
Closed 6 months ago.
I'm trying to write a script to configure resolv.conf and /etc/network/interfaces automatically. I'm running the commands as "sudo", but I'm getting "Permission denied" errors.
sudo apt-get --assume-yes install vsftpd
sudo "nameserver 8.8.8.8" >> /etc/resolv.conf
sudo python setinterfaces.py
sudo chattr +i /etc/network/interfaces
sudo apt-get --assume-yes install lamp-server^
Lines 2 and 3 get permission denied errors, but lines 1 and 5 did run. setinterfaces.py is supposed to overwrite /etc/network/interfaces'.setinterfaces.pyworks when pointed at the home folder but not theinterfaces` file.
Any idea? Do I have to be changing ownership? Ideally I'd like this to be a one command script, where I can just call it and it will run. I'm writing this script for people who are not experienced in *nix.
The sudo command executes the command you give it under the root account. In its simplest form, the syntax is:
sudo command args...
For example:
sudo whoami
prints root.
If you type, as you did in your question:
sudo "nameserver 8.8.8.8" >> /etc/resolv.conf
then it's not going to work; it will try to execute a command named "nameserver 8.8.8.8", which doesn't exist. The problem there is that you're missing the echo command.
This:
sudo "echo nameserver 8.8.8.8" >> /etc/resolv.conf
still won't work because there's no command called "echo nameserver 8.8.8.8". That entire string is passed to sudo as a single argument. It needs to see the command and each of its arguments as a separate argument.
So this:
sudo echo nameserver 8.8.8.8 >> /etc/resolv.conf
is getting closer -- but it still won't work. It executes the echo command as root -- but echo requires no special privileges, so there's no point in executing it as root. The >> /etc/resolv.conf redirection is executed by your shell, which is running as you, not as root. Since you don't have permission to write to /etc/resolv.conf, the command fails. The sudo command never sees the redirection.
You need the redirection to be executed under the root account, which means that you need a shell process running as root. So the solution is:
sudo sh -c 'echo nameserver 8.8.8.8 >> /etc/resolv.conf'
This launches a shell as a root process. That shell executes the command line echo nameserver 8.8.8.8 >> /etc/resolv.conf. Since you have a root shell executing both the echo and the output redirection, it should work.
(I suggest grabbing a copy of your /etc/resolv.conf file before doing this, just to make sure you can recover if you accidentally clobber it.)
Second line would be like this,
sudo sh -c "echo 'nameserver 8.8.8.8' >> /etc/resolv.conf"

Why is sudo: bundle command not found?

Why is command "bundle" not found when using sudo:
[root#desktop gitlab]# sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production
sudo: bundle: command not found
[root#desktop gitlab]#
but does exist when not using sudo:
[root#desktop gitlab]# bundle exec rake gitlab:setup RAILS_ENV=production
Warning
You are running as user root, we hope you know what you are doing.
Things may work/fail for the wrong reasons.
For correct results you should run this as user git.
This will create the necessary database tables and seed the database.
You will lose any previous data stored in the database.
Do you want to continue (yes/no)? no
Quitting...
[root#desktop gitlab]#
The reason I ask is I am following https://github.com/gitlabhq/gitlab-recipes/tree/master/install/centos, and it states to use sudo.
I've tried adding a -i flag as described by Using $ sudo bundle exec ... raises 'bundle: command not found' error, but get "This account is currently not available.".
Check if the PATH has the same values both with and without sudo. Apparently it cannot find bundle just because it is not listed in PATH
You can compare the outputs of following two lines
$ echo 'echo $PATH' | sh
$ echo 'echo $PATH' | sudo sh
Ideally sudo is supposed to leave PATH untouched. But this might be a side issue of your hosting distribution.
Edit by original poster. Output is:
[root#desktop etc]# echo 'echo $PATH' | sh
/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root#desktop etc]# echo 'echo $PATH' | sudo sh
/sbin:/bin:/usr/sbin:/usr/bin:/user/local/bin
[root#desktop etc]#
The user was created without a bash login shell. Change this in centos using system-config-users. Then su git into /home/git and move to gitlab directory. Execute the bundle commands without the sudo tag. The next error you will encounter is the missing database.yml in the config dir. fix this with the correct password (i.e. copy the mysql or postgres sample and edit).
I had this issue I thought that my gitlab installed from source and I got same error. but after try Omnibus method for backup my issue solved
with this command:
sudo gitlab-rake gitlab:backup:create
Try :
sudo -u git -H env PATH=$PATH && bundle exec rake gitlab:check RAILS_ENV=production
to use the same PATH than current user.

sudo to a different user and run command as that user

consider this sudo command below
sudo -iu bigadmin
bigadmin is a generic user that all users sudo to, to do stuff with privileged access.
Now the problem is it a shared user like I mentioned. So any kind of profile customization isn't gonna work .
What I am trying to do is for the sessions I establish- I want to run a script that has all my variables inside. so when I sudo it should do these things
sudo -iu bigadmin ; . ./mycustomshell.sh
How's this best done.
First, make sure that all the variables in mycustomshell.sh are exported. Then, source it first, then run sudo -iu bigadmin, so that the shell started by sudo inherits the variables exported by mycustomshell.
Another option is to invoke bash as
sudo -iu bigadmin bash --rcfile mycustomshell.sh
However, this causes bash to ignore .bashrc, so you may want to source .bashrc explicitly at the beginning of mycustomershell.sh to compensate.
This bash command useful for a shell script. It runs a sudo password that given as parameter, and add a line at the end of given file.
echo $password | echo 'net.ipv4.ping_group_range=0 2147483647' | sudo -S tee -a /etc/sysctl.conf

Applying sudo to some commands in script

I have a bash script that partially needs to be running with default user rights, but there are some parts that involve using sudo (like copying stuff into system folders) I could just run the script with sudo ./script.sh, but that messes up all file access rights, if it involves creating or modifying files in the script.
So, how can I run script using sudo for some commands? Is it possible to ask for sudo password in the beginning (when the script just starts) but still run some lines of the script as a current user?
You could add this to the top of your script:
while ! echo "$PW" | sudo -S -v > /dev/null 2>&1; do
read -s -p "password: " PW
echo
done
That ensures the sudo credentials are cached for 5 minutes. Then you could run the commands that need sudo, and just those, with sudo in front.
Edit: Incorporating mklement0's suggestion from the comments, you can shorten this to:
sudo -v || exit
The original version, which I adapted from a Python snippet I have, might be useful if you want more control over the prompt or the retry logic/limit, but this shorter one is probably what works well for most cases.
Each line of your script is a command line. So, for the lines you want, you can simply put sudo in front of those lines of your script. For example:
#!/bin/sh
ls *.h
sudo cp *.h /usr/include/
echo "done" >>log
Obviously I'm just making stuff up. But, this shows that you can use sudo selectively as part of your script.
Just like using sudo interactively, you will be prompted for your user password if you haven't done so recently.

Resources