I have the following in my ~/.profile file...
alias mysqlstart='sudo /opt/local/bin/mysqld_safe5 &'
However, when I type $ mysqlstart. I'm not asked for my password and mysql doesn't start.
When I foreground the job, it's stuck on asking for my password.
Is there a way of setting the alias so the /opt/local/bin/mysqld_safe5 is backgrounded not sudo?
This is my shell's version information:
GNU bash, version 4.2.37(2)-release (i386-apple-darwin11.3.0)
From the sudo man page:
The -b (background) option tells sudo to run the given command in the
background. Note that if you use the -b option you cannot use shell
job
control to manipulate the process. Most interactive commands will fail
to work properly in background mode.
I wasn't aware of the sudo -b option, which sounds like the better solution.
I have used something like the following before, which I suppose has the advantage that it allows for job control by the shell:
alias mysqlstart='sudo true; sudo /opt/local/bin/mysqld_safe5 &'
The first command sudo true should prompt you for your password while not really doing anything, but allows the second sudo to execute without prompting for your password.
Related
I'm experiencing this really weird issue which I just can't understand why it is happening. When I execute following command from my shell manually it works.
sudo -u some-user echo "$SSH_KEY" | /home/some-user/.ssh/authorized_keys
however from a bash script it fails with a message we don't have any permissions.
#!/bin/bash
sudo -u some-user echo "$SSH_KEY" | /home/some-user/.ssh/authorized_keys
Is there any bash option to configure, or can someone explain this behavior?
It looks a bit like a bash security thingy for non interactive terminals or something like that, but I lost my creativity to google for the solution.
I'm running Ubuntu 16.04.
After hours of investigation it seems sudo commands where not executed because of the password prompt which does not occur from the script.
The solution was to first run a sudo command before runnning the script or just runnning the whole script as sudo so you can enter the password one time and the other sudo commands are running without password prompts.
this is probably a really simple question. I apologize if it is a duplicate.
I want to know how to remove sudo permissions for one particular command. I've created a script that installs a bunch of .deb packages and it needs sudo to do that, but one command in it needs to run without sudo permissions, so how would I do that? I'm using Ubuntu and this is a bash script.
I'm calling my script: ROS_install
Here is part of the script:
sudo dpkg -i /home/forklift/Desktop/ROS/ros-hydro-laser-proc_0.1.3-0precise-20131015-2054-+0000_amd64.deb
sudo dpkg -i /home/forklift/Desktop/ROS/ros-hydro-urg-c_1.0.403-0precise-20131010-0128-+0000_amd64.deb
sudo rosdep init
sleep 2
rosdep update
The command "rosdep update" needs to be run without sudo permissions. I assumed that it was already, but I get a warning every time I run the script, and thus get locked out of the command after installation.
Rather than give the entire script elevated privileges, just give them to the actual commands that need them. That is, rather than
$ sudo my_script
modify my_script to use sudo only on those commands that need it. For instance, if this is your script:
command1
command2
command3
command4
command5
and command3 is the non-sudo command, modify your script to read
sudo command1
sudo command2
command3
sudo command4
sudo command5
In the process, think about whether command1 actually needs to run with sudo, or it it can run just as well without. In that way, you should be able to greatly reduce the number of commands that actually need to be run with sudo in your script.
If your command is running with full privileges, it also has the privilege to demote its own privileges, for good or for the duration of one command, by running su.
touch /privileged
su -c 'cp /privileged /tmp/not' nobody
I assume you are calling your script like:
sudo script.sh
And you do not want all of the commands within the script to run as root.
If your script is like:
apt-get install perl
apt-get install python
mv trash /home/user/
And you only want to run the first two commands as root you can specify a specific user for the third like:
su -c "mv trash /home/user/" user
Where user is the username you want to run the command as.
This will allow you to make a single sudo call at the parent level when you call the script.
If you don't want the username hardcoded, you can use a command like logname to get the username of the user that you are logged in as.
Just adding to the other answers, you can do this:
su -c "command" $SUDO_USER
Which will execute the command as the actual user who typed the sudo command
That's very useful when you are making scripts that require sudo to install something and write something in the user's $HOME
I am wanting to detect in a shell script if a command I am going to run via sudo can in fact run via sudo. On newer versions of sudo I can do sudo -l "command" and this gives me exactly the result I want.
However, some of the systems have an old version of sudo in which -l "Command" isn't available. Another way I was thinking about doing it was to just try running the command then see if sudo prompted for the password. However, I do not see an easy way to do this as sudo writes the password prompt to the TTY and not via stdout.
Does anyone else know of a straight forward way to do this?
I should also mention "expect" doesn't seem to be available on the systems with the older sudo revisions, either.
Just for reference the "difficult" version of sudo appears to version 1.6.8
On Linux, on (at least) Debian-like systems, you can have a look at /etc/sudoers (and the optional /etc/sudoers.d/* files, if created, and included in the main /etc/sudoers) that give (among others)
the search path to where (which dir) a command can be issued
the sudo user (root) privileges
groups who can use sudo and their privileges
This is the sudoers man page for more information.
if you're only wanting to check that a password is required to run a command then you should be able to run:
$ sudo -n <command>
E.g.
$ sudo -n echo
sudo: sorry, a password is required to run sudo
I have a simple shell script that is run with sudo as most of the script requires it, yet one of the commands in the script is a Homebrew install, which cannot be executed with sudo..
So, my question is when executing a shell script with sudo how do I execute sub commands as the current user and then continue the remainder of the script with sudo.
Prompting the user to enter his password again is not really practical as the script takes really long to execute and would require waiting 5-10 min for the prompt.
The easiest way is to run the subcommand via sudo from within the script. The user id to run with can be obtained by $SUDO_USER (look at the output of sudo env):
sudo -u $SUDO_USER ./exec_as_normal_user.sh
Instantiate the shell using
sudo -u $USER_NAME bash
and execute the shell script by calling,
./program.sh
I need use execute a command inside of a script in a Run Script build phase in Xcode 4 using sudo. However, the compiler complains:
sudo: no tty present and no askpass program specified
Anyone have a clever solution for this problem?
One solution is to place the sudo password in an executable shell script like the following:
#!/bin/bash
echo thesudopassword
This shell script might be called password.sh
Then, setup the environment variable SUDO_ASKPASS=password.sh
Once this is setup, the -A option can be passed to sudo. This option uses the ASKPASS program to obtain the sudo password. The ASKPASS program need only write the password to stdout.
So, for example,
sudo -A ditto -V /tmp/testserver.dst /
This is obviously a rather insecure solution, but it does work.
Two ideas that haven't been suggested yet, both of which are probably better/safer than the currently accepted answer:
First option would be to put the part of the script that needs to be run as root in a script file (.sh or something), and then make it setuid as root: chmod go-w,+sx scriptfile, sudo chown root scriptfile. This means that script will automatically run as root, which avoids you needing to authenticate to run it (just to change it). As long as its operation isn't subject to user input, this should be quite safe. (Of course, if you make a script that takes an input argument and deletes it or runs it, or does most anything else with it, that would not be safe.)
Second option would be to use applescript (possibly via osascript). Applescript allows you to do shell script "sudo command goes here" with administrator privileges, which will pop up a graphical dialog asking for a password.
The first of these options would be good for an automated environment, though it might not deal well with (for example) being checked into an SCM, or being sent to another user. The second option would work better with that, but requires a password input every time, so doesn't work as well for an automated build script.
Another solution to this problem is to modify sudoers file and add your account to it and state that you should never be asked for the sudo password. To accomplish this is fairly straightforward:
run:
sudo visudo
In the User privilege specification section add a line that looks like
youraccountname ALL=(ALL) NOPASSWD: ALL
Of course, this can be a dangerous thing to do, so be careful. I would suggest reading the man page for sudoers and visudo before going this route.
After much searching I found the following solution.
https://forum.juce.com/t/build-script-for-automatically-moving-built-aus-into-components-folder-xcode/13112
Summary
Create a keychain and store your admin password in the keychain
Create a script which uses /usr/bin/security to access the password In your run script,
Set the ASK_PASS env variable and use the -A option with sudo
You can either run commands directly as a administrator with the following (changing echo YourCommandHere > /tmp/hello to your command):
osascript -e 'do shell script "sudo echo YourCommandHere > /tmp/hello " with administrator privileges'
Or run a script in your source directory using:
osascript -e 'do shell script "bash -x $SOURCE_ROOT/MyAdminScript.sh 1>/tmp/build-log 2>/tmp/build-log.err" with administrator privileges'
This runs the script and logs it output to /tmp/build-log and /tmp/build-log.err
For useful variables in the script see https://help.apple.com/xcode/mac/8.0/#/itcaec37c2a6
You can also execute XCode giving it the project as parameter from the Terminal using sudo like this:
sudo /Developer/Applications/Xcode.app/Contents/MacOS/Xcode /path/to/your/project.xcodeproj
This is the easiest solution I could think of, but there may be some drawbacks, since you would be executing XCode as root.
No need to write your sudo password anywhere. Just open a terminal window and type
$ sudo echo "hello"
Once you've typed your password, it will be good for a while - not sure how long - and the shell spawned by Xcode will inherit this permission.
If you get the "no tty present" message again later, just repeat the procedure