Remember sudo password in shellscript

Question

I want to make a shellscript to install Wine on a Mac and i want the user to enter his/her password so the script can use it later on to make the installation unattended by automatically entering the password on "sudo" commands. This is what i got for now:

clear
echo Wine Installer v1.0
echo -------------------
echo      by Sydcul
sleep 4
clear
  echo "Please enter your OS X user password."
  echo "It is needed in some parts of the installation."
  read PASSWORD
  echo "Wine installation starting."
  echo "Please do not shut down your system."
  mkdir winetmp
  cd winetmp
  curl -O https://distfiles.macports.org/MacPorts/MacPorts-2.0.3.tar.bz2
  tar xjvf MacPorts-2.0.3.tar.bz2
  cd MacPorts-2.0.3
  echo $PASSWORD | ./configure && make && sudo make install
  echo $PASSWORD | sudo port -v selfupdate 
  echo $PASSWORD | sudo port -v install xorg
  echo $PASSWORD | sudo port -v install wine
  rm -rf ~/winetmp
  clear
  echo "Wine is successfully installed and ready for use!"

But at a certain point is still asks for the password. How can i fix this?

Answer 1

Honestly, I would drop all that $PASSWORD stuff and remove the sudo from all your commands. You are writing an installation script, which should be run with elevated privileges. Have your users execute your script with sudo ./installwine.sh, and then run the commands in the script without sudo. All your port -v stuff will inherit the elevated privileges.

If you'd like to offer your user a nice error message if they forget to run the script with sudo (rather than just having your first call to port fail cryptically), you could check to see if the effective user ID ($EUID) is 0, and print the error message and exit otherwise. See https://askubuntu.com/questions/30148/how-can-i-determine-whether-a-shellscript-runs-as-root-or-not.

Answer 2

You can prompt the user for the password for the first time and then save it in a file (and don't forget to encrypt it).

The next time when you need it you can easily read it from the same file and store it in a variable and then use this command

echo $variablename | sudo -S command

Answer 3

Actually I think sudo doesn't accept password from stdin (you need to specify -S parameter to enable this). As workaround you can execute sudo su to gain root privileges for all commands.

UPD: I'm not recommend to save password to file cause it is very bad solution from security point.

UPD2: You forget about Xcode, if it is not installed this script fails on compile stage :)

Answer 4

Why don't you just use the custom prompt option for sudo, and let it ask for the password if it needs it?

You start by checking if they're already root or not like this:

SUDO=""
if [[ 0 == $(id -u) ]]
then
  SUDO="sudo "
fi
$SUDO command 1
$SUDO command arg arg arg

and then optionally combine that with the ability to customize the sudo prompt using the -p option.

then
  SUDO="sudo -p \"I need elevated access for this part. Please enter %u's password:\" "
fi

You still get control over the interface, but don't prompt for a password unless you need it. Some people may have sudo set up for nopassword operation, for example. Others might run your installer as root. Or maybe their pasword is already cached with sudo. Etc. It's best to let sudo manage prompting, possibly using an askpass program (see the -A option) if necessary.