LinuxQuestions.org
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Shell Script with Superuser Power? (https://www.linuxquestions.org/questions/slackware-14/shell-script-with-superuser-power-453290/)

halfpower 06-09-2006 06:43 PM
Shell Script with Superuser Power?
 
I want a shell script to have root privileges. I don't want it to ask for a password and I want the command line returned to the user who invoked the command without out superuser privileges and in the same shell that it was in before hand. I have the file

Code:
#!/bin/sh
su
password

/sbin/insmod rt2500.o
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1

su echo $USER
This does not work the way I want it to. It even prints the root password to the screen. How can I accomplish this task?

Alien Bob 06-09-2006 06:50 PM
If you save this
Code:
#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1
under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:
Code:
ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh
then all you need to do to run the script with root privileges and no password asked is this:
Code:
sudo /usr/local/bin/start_wireless.sh

Eric

tank728 06-09-2006 06:52 PM
There are a couple of ways to do this. Off the top of my head you can do one of two things.

1)
put the script in /usr/local/bin and then in the
/etc/sudoers file all it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt

2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>

also I would check to make sure you are root before running the script put something like this in the first few lines of the script.
Code:
if[ "$USER" != "root" ]; then
  echo "exiting...you need to be root"
  exit 1
fi
you beat me to it, must be a slow typist

kodon 06-09-2006 06:53 PM
*duplicate post*

drkstr 06-09-2006 07:01 PM
Nice. 3 replies at the same time. You know something is interesting when...

regards,
...drkstr

Alien Bob 06-09-2006 07:03 PM
Quote:
Originally Posted by tank728
also I would check to make sure you are root before running the script
He wanted a script that runs with root privileges, without the user being root (or having any chance of obtaining root privileges) at all.
Remember to make the script readonly for everyone by the way... I will leave it to your imagination as to the why.

Also, setting the suid bit just like that, on a shell script, is unwise because that is inheritly dangerous.

Eric

Alien Bob 06-09-2006 07:04 PM
Quote:
Originally Posted by drkstr
Nice. 3 replies at the same time. You know something is interesting when...
People are always attracted to superpower...

Eric

spirit receiver 06-09-2006 07:06 PM
Quote:
Originally Posted by kodon
set the suid bit
This won't work with shell scripts, I'd also recommend using sudo.

kodon 06-09-2006 07:16 PM
ahh. never tried it with a script...
i just add stuff like this to my rc.local

but you are correct...even with suid
the script does not inherit the privileges...

evilDagmar 06-11-2006 12:25 AM
Quote:
Originally Posted by tank728
There are a couple of ways to do this. Off the top of my head you can do one of two things.

1)
put the script in /usr/local/bin and then in the
/etc/sudoers file all it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt

2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>
*bzzt* Suid scripts are not allowed anymore because they're too easily exploited. This sort of thing has to be done with sudo or some other similar wrapper. Oh you can set the sticky-bit all you like, but the system will ignore it...

Code:
dagmar@scraps:~$ cat proof.sh
#!/bin/bash
echo $UID
dagmar@scraps:~$ ls -al proof.sh
-rwsr-xr-x    1 root    users          22 Jun 11 00:31 proof.sh
dagmar@scraps:~$ ./proof.sh
1000
dagmar@scraps:~$

kodon 06-11-2006 12:35 AM
the sticky bit is a completely different subject

Zoko 06-12-2006 01:50 AM
I'm going to guess that the suid method wouldn't work because the script isn't being executed, it's invoking a seperate application then feeding it commands. Someone correct me if I'm wrong.

I recommend using sudo. There are numerous ways to configure sudo (the man page is over a thousand lines long) but the answer that Alien Bob provided should work great.

wchild 06-14-2006 05:27 AM
Quote:
Originally Posted by kodon
or set the suid bit
Security risk.
Shall be avoided at any costs.

kodon 06-14-2006 09:15 AM
read the whole thread

halfpower 06-14-2006 10:52 AM
Quote:
Originally Posted by Alien Bob
If you save this
Code:
#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1
under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:
Code:
ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh
then all you need to do to run the script with root privileges and no password asked is this:
Code:
sudo /usr/local/bin/start_wireless.sh

Eric
Thanks AB. That seemed to do the trick. Why though, do I still have to type sudo? Is there any particular reason to put the script in the /usr/local/bin/ directory?


All times are GMT -5. The time now is 02:50 AM.
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page