LinuxQuestions.org
Old 08-19-2010, 12:02 AM   #1
jahobjafwar
Member
 
Registered: Aug 2010
Posts: 31

Rep: Reputation: 0
I need help running my shell scripts as root


I have been playing around with shell scripting, nothing too complex, just learning the basics. If I try to run a script as root (by entering "sudo" then the "command") it says command not found. I can only do it as root if I specify the full path (/home/username/bin/command). I'm pretty sure the directory that my scripts are in is part of the superuser's path. Any advice would be very helpful.
Thank you.
 
Old 08-19-2010, 12:24 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671
Using "sudo", the environmental variables are reset by default. See the man page for "sudoers" for details on what is reset and what is retained. You should be including the full path to programs in scripts to prevent a regular user, running a script as root, from substituting commands with their own versions. The same problem exists for using the system() function call in C. "Do not use system() from a program with set-user-ID or set-group-ID privileges, because strange values for some environment variables might be used to subvert system integrity."

Also a script shouldn't make assumptions about the environment of the user calling it. So you should include the full path name as well.
Also, as you are just playing around with scripting, maybe you shouldn't be running the scripts as root. You are playing with fire.
 
Old 08-19-2010, 12:24 AM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671
Chromium double-posted on me again. Sorry for the second post.

Last edited by jschiwal; 08-19-2010 at 12:25 AM.
 
Old 08-19-2010, 01:55 AM   #4
grail
LQ Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 9,425

Rep: Reputation: 2826
In addition to above I would add that "playing" as root is REALLY not a good idea. Just a thought.
 
Old 08-19-2010, 08:35 PM   #5
jahobjafwar
Member
 
Registered: Aug 2010
Posts: 31

Original Poster
Rep: Reputation: 0
I see your point about "playing around" as root. The reason I ask is I've been following a tutorial at linuxcommands.org that has me making a script to produce an HTML page with my system info on it. One of the functions (used in the script to show home space, "du") must be run as root. If you run the script as a regular user, the section that shows home space is left out. From the way the author talks it seems like I should be able to do this as root. I can, actually; I just have to specify the full path. So you're saying if I make it so I can just run the script normally as root, regular users could replace commands with their own versions? Wouldn't they have to know my password first?
 
Old 08-19-2010, 09:01 PM   #6
konsolebox
Senior Member
 
Registered: Oct 2005
Distribution: Gentoo, Slackware, LFS
Posts: 2,248
Blog Entries: 8

Rep: Reputation: 235
If you're brave enough, why not just run everything as UID 0 / root; log in as root? I also think that you'll learn a lot faster that way. If your system does not contain critical data, so that a data crash won't mean anything, you can even gain good experience from that mistake.

Also, some people don't even bother using normal user accounts, especially the ones who were used to systems that always have full access. If you like, there's also a way to safely create a root-like account with a different name (making the root account nothing but a dummy). Some prefer to use UID 0 to always have full control and speed up work.

@jschiwal, @grail My idea is probably different from yours but people naturally have different ways.. I hope you don't mind.
 
Old 08-19-2010, 09:13 PM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671
Quote:
Originally Posted by jahobjafwar
So you're saying if I make it so I can just run the script normally as root, regular users could replace commands with their own versions?
If the user can't access the script, that is true. But if your home directory allows "others" access then they could run it as themselves; replacing the path to du and replacing it with malware would be a serious danger. Maybe another user doesn't have access now, but you may change permissions later, or have a vulnerability using the web that could give someone else access as yourself.

If a script needs root access, either that script should only be run by the root user, and not a regular user, or you should use sudo for the needed command so only a 'sudoer' can run the script.

In your script, use sudo before the du command and include the full path to the du command. Simple as that.

Last edited by jschiwal; 08-19-2010 at 09:15 PM.
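
The command substitution discussed in posts #2 and #7, as an added example that is not part of any post: three constructed scripts are run with a user-controlled directory placed first in PATH. The temp directory, the script names and the harmless stand-in `du` are assumptions made for the demonstration, and the third script (pinning PATH inside the script) goes beyond what the thread advises.

```shell
#!/bin/sh
# Added example: all files are constructed in a throwaway temp directory.

setup_demo() {
    WORK=$(mktemp -d) || return 1
    mkdir "$WORK/userbin"
    # Locate the real du by checking fixed system directories, not PATH.
    REAL_DU=
    for d in /usr/bin /bin; do
        if [ -x "$d/du" ]; then REAL_DU=$d/du; break; fi
    done
    [ -n "$REAL_DU" ] || return 1

    # Harmless stand-in named "du" in a directory an ordinary user controls.
    printf '#!/bin/sh\necho "stand-in du ran"\n' > "$WORK/userbin/du"
    # 1) Trusts whatever PATH the caller supplies.
    printf '#!/bin/sh\ndu -s "$1"\n' > "$WORK/by_name.sh"
    # 2) Names the binary by absolute path, as the thread advises.
    printf '#!/bin/sh\n%s -s "$1"\n' "$REAL_DU" > "$WORK/by_full_path.sh"
    # 3) Goes beyond the thread: the script pins its own PATH first.
    printf '#!/bin/sh\nPATH=/usr/bin:/bin; export PATH\ndu -s "$1"\n' \
        > "$WORK/pinned_path.sh"
    chmod +x "$WORK/userbin/du" "$WORK"/*.sh
}

# Run one of the scripts with the user-controlled directory first in PATH.
run_with_user_path() {
    PATH="$WORK/userbin:$PATH" "$WORK/$1" "$WORK"
}

setup_demo || exit 1
trap 'rm -rf "$WORK"' EXIT
for s in by_name.sh by_full_path.sh pinned_path.sh; do
    printf '%-16s -> %s\n' "$s" "$(run_with_user_path "$s")"
done
```

Only `by_name.sh` runs the stand-in; the other two reach the system `du` regardless of the caller's PATH.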
 
Old 08-20-2010, 12:31 AM   #8
jahobjafwar
Member
 
Registered: Aug 2010
Posts: 31

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jschiwal
But if your home directory allows "others" access then they could run it as themselves; replacing the path to du and replacing it with malware would be a serious danger.
My home directory could be accessed by only one other user (my roommate). However, it should be stated that only I have write permissions to the file that the script is written in. So hypothetically "others" could read or execute the script but not change it.
Me being a "noob" to Linux, I'm still getting used to the root user/multiple user idea. If it's in the interest of security I have no problem specifying the path for scripts that require root access. However, if I input "sudo echo $path" the path to the directory the script is in shows up. If the directory is in the path, shouldn't it execute?
 
Old 08-20-2010, 02:36 AM   #9
grail
LQ Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 9,425

Rep: Reputation: 2826
Well I am a little curious ... it appears you are running Ubuntu and assuming a personal machine (hence how you have root access) the default install assigns sudoer access to the main user, unless otherwise specified. So sudo should help you run most things that need root access.

Another note I have made, looking at my own Ubuntu machine, is that du is not a root/sudoer executable. So unless you are executing on a folder you do not have access to it should function just fine??
 
Old 08-20-2010, 02:45 AM   #10
konsolebox
Senior Member
 
Registered: Oct 2005
Distribution: Gentoo, Slackware, LFS
Posts: 2,248
Blog Entries: 8

Rep: Reputation: 235
Quite confusing. I can only suggest that you read some basics about permissions.
http://www.google.com/search?q=linux+permissions
 
Old 08-20-2010, 08:10 AM   #11
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671
A lot depends on how /etc/sudoers is configured. Different distros may configure things differently.
The sudoers manpage talks about how the environment is handled. You will want to skip towards the bottom of the manpage.
Here is an example on my system:
Code:
sudo echo $PATH
root's password:
/usr/lib64/mpi/gcc/openmpi/bin:/home/jschiwal/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib64/jvm/jre/bin:/usr/bin/:/usr/local/bin:/usr/bin/
jschiwal@qosmio:~/cry> su -
Password: 
qosmio:~ # echo $PATH
/usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/games:/usr/lib64/jvm/jre/bin
My advice is to work with the system as intended, instead of fighting it. Why "du" isn't found, I don't know. Look at the .profile or .bash_login file for root. Are /bin/ and /usr/bin in root's PATH? Maybe Ubuntu configures things differently.

---

One place where you may write scripts to run as root is for cron scripts. The cron environment is very bare, and you need to include the full pathnames for commands there as well. Not doing this, or forgetting that cron isn't connected to a terminal are two common mistakes.

Here are a couple of lines from the logrotate cronjob:
TMPF=`mktemp /tmp/logrotate.XXXXXXXXXX`

/usr/sbin/logrotate /etc/logrotate.conf 2>&1 | tee $TMPF

It both includes the full path to commands, and redirects both stdout and stderr to a file.
 
Old 08-20-2010, 09:51 PM   #12
jahobjafwar
Member
 
Registered: Aug 2010
Posts: 31

Original Poster
Rep: Reputation: 0
Well, it's definitely not anything to do with permissions. Remember I can run the script, I just have to specify the full path. The funny thing is I know for a fact that I have the scripts in root's path. Whilst I've been looking around on the web for a solution I did see a lot of references to what you talked about (jschiwal) with cron jobs, and having to specify the full path in that instance as well. For now I'm just going to consider it as something that is what it is. Like I said, I'm new to Linux so there is certainly a lot of other things for me to learn. I'll post on this thread again if I ever find a for-sure explanation. Thanks to everyone who responded, I appreciate any feedback I can get.
 
Old 08-21-2010, 07:41 AM   #13
toothandnail
Member
 
Registered: Apr 2007
Location: Oxfordshire, UK
Distribution: Arch, Sparky, Salix64
Posts: 86

Rep: Reputation: 7
Quote:
Originally Posted by jahobjafwar
Well, it's definitely not anything to do with permissions. Remember I can run the script, I just have to specify the full path. The funny thing is I know for a fact that I have the scripts in root's path. Whilst I've been looking around on the web for a solution I did see a lot of references to what you talked about (jschiwal) with cron jobs, and having to specify the full path in that instance as well. For now I'm just going to consider it as something that is what it is. Like I said, I'm new to Linux so there is certainly a lot of other things for me to learn. I'll post on this thread again if I ever find a for-sure explanation. Thanks to everyone who responded, I appreciate any feedback I can get.
In your original post, you quoted the path to the script as "/home/username/bin/command". If that is the case, it is highly unlikely to be in the path for the superuser.

I use something similar, but ~/bin is added to my default path by a check in ~/.bashrc, which would not work for the superuser. I do have a similar check for a ~/bin directory in the .bashrc executed for root, but that would add /root/bin to root's path, not /home/user/bin.

So, unless you have modified the path for the superuser, I would be most surprised if the directory you specified was in root's path.

Paul.
 
Old 08-23-2010, 03:13 PM   #14
jahobjafwar
Member
 
Registered: Aug 2010
Posts: 31

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by toothandnail
So, unless you have modified the path for the superuser, I would be most surprised if the directory you specified was in root's path.

Paul.

I'm about 80% sure that it is in fact in root's path. If I enter "sudo echo $PATH" I can see that /home/user/bin is listed. I have wondered, however, if maybe this is just showing me the path of my regular account. The command I used to presumably put that directory in root's path was "sudo export path=$PATH:directory" where "directory" is /home/user/bin. However, it gave me the message "export command not found", so here we have another example of a command that cannot be used by root. This, I am learning, is not that uncommon. "cd" for example cannot be executed by root, not with the sudo option anyway. It might be different if you actually logged in as root. If there is some angle on this I'm not seeing, feel free to let me know, but it does seem like running scripts as root, and even executing certain commands as root, is just not "a thing". I imagine this is probably for security reasons, even though I don't see what the big deal would be since I can actually run the scripts as root; I just have to specify the path. So all some would-be hacker would have to know to run my scripts (which as I mentioned are nothing special) is the directory I keep them in.
 
Old 08-23-2010, 04:33 PM   #15
jay73
LQ Guru
 
Registered: Nov 2006
Location: Belgium
Distribution: Ubuntu 11.04, Debian testing
Posts: 5,019

Rep: Reputation: 130
But sudo runs a root shell in the user's environment so the path is the user's path, not that of the superuser. To run a shell as another user: sudo -u username; to run it with your own environment (same as plain sudo): sudo -s; to run a script with root environment, issue sudo -i. Check man sudo.

Last edited by jay73; 08-23-2010 at 04:35 PM.
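
What the shell does with the `sudo echo $PATH` and `sudo export ...` commands from posts #8 and #14, as an added example that is not part of any post. So that it runs without privileges, `env` stands in for sudo (an assumption: both are external programs that start a command with an environment they choose), and `RESET_PATH` and `DEMO` are constructed names.

```shell
#!/bin/sh
# Added example. `env` stands in for sudo: both are external programs that
# start another program with an environment they choose. RESET_PATH is a
# constructed value playing the role of the PATH the wrapper hands over.
RESET_PATH=/usr/bin:/bin

# The calling shell substitutes $PATH before the wrapper is even started, so
# this prints the caller's PATH, just as `sudo echo $PATH` does.
expanded_by_caller() {
    env PATH="$RESET_PATH" echo "$PATH"
}

# Single quotes keep $PATH literal; the shell started by the wrapper expands
# it. The sudo equivalent is: sudo sh -c 'echo "$PATH"'
expanded_by_child() {
    env PATH="$RESET_PATH" sh -c 'echo "$PATH"'
}

# export is a shell builtin, not a program file, so a wrapper has nothing to
# execute. Prints the wrapper's exit status (127 = command not found).
export_via_wrapper() {
    rc=0
    env PATH="$RESET_PATH" export DEMO=1 2>/dev/null || rc=$?
    echo "$rc"
}

# Inside a child shell export works, but only that child sees the variable;
# it is gone when the child exits and never reaches the calling shell.
export_in_child() {
    env PATH="$RESET_PATH" sh -c 'export DEMO=1; echo "$DEMO"'
}

echo "expanded by caller : $(expanded_by_caller)"
echo "expanded by child  : $(expanded_by_child)"
echo "export via wrapper : exit status $(export_via_wrapper)"
echo "export in child    : DEMO=$(export_in_child)"
echo "DEMO in caller     : ${DEMO-<unset>}"
```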
 
  

