Question about sudo

rolandpish · 08-24-2010, 05:29 PM

Hi, in a linux ubuntu box, I have a bash script to automatize the creation of a svn repository (this is not a svn question).

In the script, I have these lines of code (among others):

Code:

# Create the repository
sudo -u www-data svnadmin create --fs-type fsfs $PATH$1 2>&1

# Create a pre-commit hook manually
sudo -u www-data echo '#!/bin/sh
REPOS="$1"
TXN="$2"
...some more content' > $PATH$1/hooks/pre-commit

Ok, the second sentence (sudo -u www-data echo ...) cannot complete because it shows a "permission denied" even though the $PATH$1/hooks is owned by www-data:www-data.

Interesting thing is that if I remove the "sudo -u www-data" from the script, and I execute it "outside" as: sudo -u www-data ./createrepo nameofrepo, no more "permission denied" errors are showed.

How can I achieve this "sudo -u www-data" inside the script?

Thanks in advance.

Cheers,
Roland

SaintDanBert · 08-24-2010, 06:43 PM

you might check out this reference
http://linux.byexamples.com/archives...ot-permission/

The idea is

Write a script that does what you want it to do

Test that your script works while using root permissions

Code:

user@host:/path/ $ sudo -i
user@host:/path/ # ... you are now "root" ...

user@host:/path/ # ./myScript.sh opt1 ... optLast

Now you can run your script in everyday mode:

Code:

user@host:/path/ $ sudo myScript.sh opt1 ... optLast

You don't want to use sudo -i routinely. While it logs things and su - does not, it is too easy to screw things up at a root prompt.

Goo luck,
~~~ 0;-Dan

ZaSter · 08-24-2010, 06:53 PM

Roland,

The difference is that the sudo inside the script becomes www-data to run the "echo" command and then the results of the sudo command is redirected to the $PATH$1/hooks/pre-commit file. In other words, you run the sudo command and redirect its output as your normal user account which probably does not have write permissions to the output file.

When you execute the script from "outside", you first become www-data that executes the createrepo. In this case, you are doing everything as "www-data" so you have its permissions all of the time. This is different from the first way in which you only have www-data permissions during the execution of the "echo" command.

I hope this help?

--
ZaSter

estabroo · 08-24-2010, 07:49 PM

are you sure $PATH is what you think it is? normally $PATH contains the directories to search in for executables (like /bin:/usr/bin:... )

rolandpish · 08-25-2010, 09:00 AM

Thanks for your replies!

Ok, your information helped me a lot, so I'm trying to find a way to "execute" the redirection as www-data inside the script. I've been googling around but with unsuccessful results.

Any suggestion?

Thanks a lot!

ZaSter · 08-25-2010, 05:41 PM

Roland,

Based upon the code you supplied, simply move the last single quote passed the output file name. In other words, change this:

Code:

# Create the repository
sudo -u www-data svnadmin create --fs-type fsfs $PATH$1 2>&1

# Create a pre-commit hook manually
sudo -u www-data echo '#!/bin/sh
REPOS="$1"
TXN="$2"
...some more content' > $PATH$1/hooks/pre-commit

to this:

Code:

# Create the repository
sudo -u www-data svnadmin create --fs-type fsfs $PATH$1 2>&1

# Create a pre-commit hook manually
sudo -u www-data echo '#!/bin/sh
REPOS="$1"
TXN="$2"
...some more content > $PATH$1/hooks/pre-commit'

rolandpish · 08-26-2010, 08:51 AM

Thanks a lot ZaSter!
I'll try it that way when I get home.

Regards