1

I have a script that needs to be ran as root. In this script I create directories and files. The files and directories cannot be modified by the user who ran the script (unless there root of course).

I have tried several solutions found here and other sites, first I tried to mkdir -m 777 the directories as so:

#!/bin/bash

...

#Check execution location

CDIR=$(pwd)

#File setup

DATE=$(date +"%m-%d_%H:%M:%S")
LFIL="$CDIR/android-tools/logcat/logcat_$DATE.txt"
BFIL="$CDIR/android-tools/backup/backup_$DATE"

mkdir -m 777 -p "$CDIR/android-tools/logcat/"
mkdir -m 777 -p "$CDIR/android-tools/backup/"

...

I have also tried touching every created file and directory with the $USER as root, like so:

#!/bin/bash

...

#Check execution location

CDIR=$(pwd)

#File setup

DATE=$(date +"%m-%d_%H:%M:%S")
LFIL="$CDIR/android-tools/logcat/logcat_$DATE.txt"
BFIL="$CDIR/android-tools/backup/backup_$DATE"

mkdir -p "$CDIR/android-tools/logcat/"
mkdir -p "$CDIR/android-tools/backup/"

sudo -u $USER touch "$CDIR/"
sudo -u $USER touch "$CDIR/android-tools/"
sudo -u $USER touch "$CDIR/android-tools/logcat/"
sudo -u $USER touch "$CDIR/android-tools/backup/"
sudo -u $USER touch "$CDIR/android-tools/logcat/logcat_*.txt"
sudo -u $USER touch "$CDIR/android-tools/logcat/Backup_*"

...

I have also tried manually running sudo chmod 777 /android-tools/*, and sudo chmod 777 /* from the script directory, gave no errors, but I still cannot delete the files without root permission.

Heres the full script, It's not done yet. Don't run it with an android device connected to your computer.

http://pastebin.com/F20rLJQ4

thisguysayswht
  • 13
  • 5

1 Answers1

1

touch doesn't change ownership. I think you want chown.

If you're using sudo to run your script, $USER is root, but $SUDO_USER is the user who ran sudo, so you can use that.

If you're not using sudo, you can't trust $USER to be anything in particular. The caller can set it to anything (like "root cat /etc/shadow", which would make your above script do surprising things you didn't want it to do because you said $USER instead of "$USER").

If you're running this script using setuid, you need something safer, like id -u, to get the calling process's legitimate UID regardless of what arbitrary string happens to be in $USER.

If you cover both possibilities by making makestuff.sh like this:

# $SUDO_USER if set, otherwise the current user
caller="${SUDO_USER:-$(id -u)}"

mkdir -p foo/bar/baz
chown -R "$caller" foo

Then you can use it this way:

sudo chown root makestuff.sh
sudo chmod 755 makestuff.sh

# User runs it with sudo
sudo ./makestuff.sh

# User can remove the files
rm -r foo

Or this way (if you want to use setuid so regular users can run the script without having sudo access -- which you probably don't, because you're not being careful enough for that):

sudo chown root makestuff.sh
sudo chmod 4755 makestuff.sh   # Danger! I told you not to do this.

# User runs it without sudo
./makestuff.sh

# User can remove the files
rm -r foo
tomclegg
  • 485
  • 3
  • 4