[SOLVED] Is it possible to switch between the root/user inside automatic script?

Michal Krzyz · 12-11-2012, 05:10 AM

Hello,
I am writing bash script which is building some tools and is setting environment. This scripts make a lot of root stuff like mount, mkfs, make install etc.
This script is called by sudo command:

Code:

sudo ./build_all.sh

I have some ./confiugre and make steps in this script and I do not want to do them with root rights.
Is it possible to switch root to user and return to root after couple lines of script?

I know that I can use:

Code:

$ su - $MYUSERNAME -c '...'

but there are so many lines in which I have to use this "su - $MYUSERNAME" prefix that this is not a solution for me.

I tried in another way. I called script as an user and then I used sudo to perform install/mount/etc. actions. It looked better, but I had to confirm password after some time of script's execution...so this is not solution (password check does not provide any automation, so it is useless).

Do you have any other idea how to do it?

Thank you in advance.

acid_kewpie · 12-11-2012, 09:27 AM

no, you can't change user. you can look to write out a script and then execute it all via duso if that is sufficiant, but you can't become a different user, as that will spawn a new session.

Michal Krzyz · 12-11-2012, 10:20 AM

Thank you for your answer.

So what is the best solution for making automatic build scripts, for example as following one:

Code:

#!/bin/bash

LFS=/mnt/lfs

cd $LFS/sources/build/
tar -xzvf $LFS/sources/packages/e2fsprogs-1.42.5.tar.gz
cd e2fsprogs-1.42.5
mkdir -v build
cd build
../configure
make
make install                   #REQUIRES SUDO
mke2fs -jv /dev/sda9           #REQUIRES SUDO
cd $LFS/sources/build/
rm -rfv e2fsprogs-1.42.5

... # maybe much more lines with some steps requiring root's hand

I think that it is not good idea to do everything as a root user.

shivaa · 12-11-2012, 01:31 PM

If you have sudo rights available, then you can first switch to root user, and then invoke it, as:

Code:

sudo su - root
Password for username: 
./build_all.sh

Perhaps then it will not ask for any password during execution of script. And if you want to automate this script (i.e. in cron), then add it to crontab with root user, not with your own user i.e username.

Michal Krzyz · 12-11-2012, 01:59 PM

If I didn't missunderstand you, your solution will execute whole script as a root. Problem is that I wanted to run just couple commands as root and others (like ./configure and make) as non-root user.

shivaa · 12-11-2012, 10:26 PM

Is there any specific reason for doing this? Anyway, first thing is that it's not possible to invoke root privillaged command with normal user without supplying a password. Whenever you will do a sudo or su, you will need to supply a password.
In you script (as per the part of script you mentioned), there's nothing problematic, whether root run it or a normal user run it. Althogh one thing is that the directories/files that it will create, will get root's ownership. So you can explicitly provide chwon cmd at the end of your script to change ownership back to you.
Besides, you should show where it will cause problem in your script with root's hands.

Michal Krzyz · 12-12-2012, 12:57 AM

Quote:

Anyway, first thing is that it's not possible to invoke root privillaged command with normal user without supplying a password

No way, are you kidding me? You think I am such a noob... I think I have to stop asking questions on LQ.

The thing is that actually you can configure sudo to remove pass request for the user (or remove expiration time keeping user able to sudo without asking him for password again during script execution), but this is stupid idea.

Of course there is a reason. I am building/configuring packages, copying user's data and so on... and this is not good idea to use root everywhere (it is not even safe to use root for some operations).

I found one solution, which seems to be good for builds but not for everything what I wanted (problem is with some device manipulation commands, where root's rights are still required).

I started to use --prefix options during configuration of packages (every package will be installed to user's directory), after all (after execution of build script which is called by su - $USERNAME -c '...') I will use:

Code:

# install -g .. -o .. -m .. ..... <prefix_directory>

redfox2807 · 12-12-2012, 01:00 AM

You can grab all the commands that require root privileges and move them to another script that is run from your current script via sudo or su. So that all the compiling stuff (and cleaning up) is done by a regular user while the actual setting up the environment is done by root

ntubski · 12-12-2012, 10:42 AM

Quote:

Originally Posted by Michal Krzyz

I tried in another way. I called script as an user and then I used sudo to perform install/mount/etc. actions. It looked better, but I had to confirm password after some time of script's execution...so this is not solution (password check does not provide any automation, so it is useless).

Maybe you can use sudo -v to renew the cached credential so it doesn't time out and ask for password again:

Code:

#!/bin/bash

sudo -v # user supplies password first time

# renew credentials every 14 minutes (default timeout is 15 minutes)
(while : ; do sudo -nv && sleep $((14*60)) ; done) &
SUDO_REFRESH_PID=$!

# rest of script using sudo for some commands goes here
...



# cleanup
kill $SUDO_REFRESH_PID

Michal Krzyz · 12-12-2012, 12:38 PM

Thank you ntubski

This is very nice workaround. I really like this solution...but I have to check it because I am not sure it will work

(I have never use sudo -v option before).

Maybe it could be better to attach this process to the script and then it will be terminated automatically after script's execution.
Anyway, I found something like:

Code:

trap 'kill $(jobs -p)' EXIT
...

I tested it with simple script and it seems to work fine.
Tomorrow I will start real test, but I think that this solution is acceptable.

Thank you all for your time.

PTrenholme · 12-12-2012, 01:05 PM

I wouldn't recommend this for a multi-user system, but, on my home single-user system, I just edit /etc/sudoers to have a group with the NOPASSWD option, and put myself into that group. Then sudo doesn't prompt me for a password. (Note that, if you wish, you can restrict the "no password required" group to a specific set of commands.)

Note also that the sudoers file is read early in a session, and changes in the file may need a reboot or logout/login sequence before they become active.