6

There is a shell script (/bin/sh, not bash) that requires root permissions for execution.

If it is run by a normal user, it should ask the user for a password to get root access and re-run itself.

Now it uses the following code:

if [ "$(id -u)" -ne 0 ]; then su root -- "$0" "$@" ; ... fi

That works fine, but there are some OSes like Ubuntu that have no root password at all. On the other hand, a lot of systems use sudo for root permissions.

The question is: how can the script detect whether to use su or sudo without asking the user to enter too many passwords (e.g. enter sudo password, if it fails - run su).

zserge

6 Answers

6

It shouldn't. If the script requires root privileges, it should be run as root. It's the user's business how he's going to accomplish that -- using su, sudo or some other mechanism.

If you are concerned with security issues and don't want to do everything from root, you can drop root privileges for those parts.

Roman Cheplyaka
  • zserge's comment below explains "That was the code used in older versions. Now I'm trying to get root privileges from the [installation] script, so the user doesn't have to restart it. Seems to be a little bit more user-friendly". Seems a fair basis for a question, and not inherently evil ;-). – Tony Delroy Oct 05 '10 at 03:07
  • @Tony: My point is that it's *not* user-friendly at all. This is an example of trying to be smarter than the user. In some cases this might work, but it's far more likely to cause problems for the user. Also you should follow the principle of least surprise. I'd be surprised (and would have some questions for the author) if some program tried to acquire root privileges using sudo without my consent. – Roman Cheplyaka Oct 05 '10 at 06:02
3

There isn't a bullet-proof way of doing this, because any distribution can lay files in any way it wants. Debian and Ubuntu often place system files in directories other than Red Hat, for example. It's much easier to customize the script for the OS it's installed on.

wilhelmtell
2

You can set up the account not to need a password for sudo in /etc/sudoers:

yourusername ALL=(ALL) NOPASSWD: ALL

If you don't want to do that, you can force them to run the script as root. Add something like this to the top of your shell script:

# $UID is a bash variable and is unset in plain /bin/sh; id -u is POSIX
if [ "$(id -u)" -ne 0 ]; then
    echo "You must be root to run this script" >&2
    exit 1
fi

This way, the user can get to be root however they choose (su or sudo).

gpojd
  • This script is a kind of installer - I don't run it on my host, but other users run it on their machines. – zserge Oct 04 '10 at 15:10
  • What about the second part? Exiting early and prompting them to run the script as root. – gpojd Oct 04 '10 at 15:12
  • That was the code used in older versions. Now I'm trying to get root privileges from the script, so the user doesn't have to restart it. Seems to be a little bit more user-friendly – zserge Oct 04 '10 at 15:36
  • @zserge: you might prompt the user - "1: su to root and continue (you need the root password); 2: run the script with sudo (if permissioned); 3: abort installation" – Tony Delroy Oct 05 '10 at 03:05
1

Create one more .sh file; from this file, call your original .sh file, like:

su - oracle /u01/enlightics/Enlightiks/UploadFTP/ExportScript2.sh
Machavity
Brijesh Rana
0

Check if sudo is installed

SU='su'
which sudo > /dev/null && SU='sudo'
bitmask
  • A nice way. But: there can be sudo installed on the machine, but the user has no permissions to run this script with sudo. – zserge Oct 04 '10 at 15:23
  • That does not matter, because then, sudo will fail, without asking for a password, and you can invoke `su` instead (just observe the outcome of `sudo true`). – bitmask Oct 04 '10 at 15:31
  • Maybe I'm wrong, but while the user is allowed to run `true`, it's not guaranteed that he can run our script. And, if the user is allowed to run programs with a password, he will be prompted when executing `sudo true`. I try to avoid unneeded password prompts. – zserge Oct 04 '10 at 15:39
  • Okay, `sudo true` was garbage. Make sure *your* script returns 0 (true) and simply run that with `sudo`. Then, the user is asked only once, and if he cannot sudo your script, you will know because of the return value so that you can invoke `su`. – bitmask Oct 04 '10 at 15:55
  • I can't see anything better, but that still involves asking for the user's password then possibly having to ask for the root password afterwards: avoiding that is what the question's about. – Tony Delroy Oct 05 '10 at 03:02
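
The approach debated in the comments above (see whether sudo can be used without triggering a prompt, otherwise fall back to su or ask), written out for POSIX sh as an added example that is not code from any poster in this thread. It goes one step further than the thread by quoting the arguments so that `su -c` re-parses them unchanged; the function names, the `SUDO` override variable and the sample path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. SUDO is an assumed override hook
# so the check can be exercised with a stand-in instead of the real sudo.
SUDO=${SUDO:-sudo}

# shquote ARG: print ARG single-quoted so a second shell re-parses it intact.
shquote() {
    s=$1; out=
    while :; do
        case $s in
            *\'*) head=${s%%\'*}; s=${s#*\'}; out="$out$head'\\''" ;;
            *)    out="$out$s"; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# build_cmd SCRIPT [ARG...]: one string that `su -c` turns back into the argv.
build_cmd() {
    cmd=
    for a in "$@"; do cmd="$cmd${cmd:+ }$(shquote "$a")"; done
    printf '%s' "$cmd"
}

# choose_method UID SCRIPT: print none|sudo|su|ask; never triggers a prompt.
choose_method() {
    if [ "$1" -eq 0 ]; then echo none
    elif ! command -v "$SUDO" >/dev/null 2>&1; then echo su
    # -n: fail instead of prompting; -l CMD: is CMD permitted by the policy?
    elif "$SUDO" -n -l -- "$2" >/dev/null 2>&1; then echo sudo
    else echo ask   # sudo exists but would prompt or refuse: cannot tell which
    fi
}

# plan SCRIPT [ARG...]: print the re-exec command instead of running it.
plan() {
    case $(choose_method "$(id -u)" "$1") in
        none) echo "already root: continue" ;;
        sudo) echo "exec $SUDO -- $(build_cmd "$@")" ;;
        su)   echo "exec su root -c $(shquote "$(build_cmd "$@")")" ;;
        ask)  echo "ask the user: su, sudo, or abort" ;;
    esac
}

# Constructed sample invocation (hypothetical path and arguments).
plan /opt/demo/install.sh --prefix "/opt/my app" "it's"
```

The `ask` result is the case the thread could not resolve: sudo is present, but whether a password would succeed is unknowable without prompting, so the script offers the choice instead of guessing.
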
0

While this doesn't fully answer your question, it's worth noting that you can check if the sudo package is installed using the following:

Debian based systems:

dpkg -s sudo

RPM based systems:

rpm -q sudo
t3mp0
  • What about gentoo, arch, or slackware users? To my mind, `which sudo` is a more general way to test if a program is installed. – zserge Oct 04 '10 at 15:41
  • And for that matter, what about Free/Open/Net BSD, macOS, Illumos, HP/UX, Android, webOS? If you must rely on something, rely on POSIX.1. Certainly not platform-specific packaging tools. – ghoti Jun 08 '17 at 12:18
  • `hash somebinary` is also a nice way to find a binary, especially if you are going to be calling the binary again as it caches the path for quicker execution, but you might need to redirect all output to /dev/null if you expect a failure and just want the exit code. – dragon788 Nov 17 '17 at 18:52