Shell Script with Superuser Power?

halfpower · 06-09-2006, 06:43 PM

I want a shell script to have root privileges. I don't want it to ask for a password and I want the command line returned to the user who invoked the command without out superuser privileges and in the same shell that it was in before hand. I have the file

Code:

#!/bin/sh
su
password

/sbin/insmod rt2500.o
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1

su echo $USER

This does not work the way I want it to. It even prints the root password to the screen. How can I accomplish this task?

Alien Bob · 06-09-2006, 06:50 PM

If you save this

Code:

#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1

under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:

Code:

ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh

then all you need to do to run the script with root privileges and no password asked is this:

Code:

sudo /usr/local/bin/start_wireless.sh

Eric

tank728 · 06-09-2006, 06:52 PM

There are a couple of ways to do this. Off the top of my head you can do one of two things.

1)
put the script in /usr/local/bin and then in the
/etc/sudoers file all it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt

2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>

also I would check to make sure you are root before running the script put something like this in the first few lines of the script.

Code:

if[ "$USER" != "root" ]; then
   echo "exiting...you need to be root"
   exit 1
fi

you beat me to it, must be a slow typist

kodon · 06-09-2006, 06:53 PM

*duplicate post*

drkstr · 06-09-2006, 07:01 PM

Nice. 3 replies at the same time. You know something is interesting when...

regards,
...drkstr

Alien Bob · 06-09-2006, 07:03 PM

Quote:

Originally Posted by tank728

also I would check to make sure you are root before running the script

He wanted a script that runs with root privileges, without the user being root (or having any chance of obtaining root privileges) at all.
Remember to make the script readonly for everyone by the way... I will leave it to your imagination as to the why.

Also, setting the suid bit just like that, on a shell script, is unwise because that is inheritly dangerous.

Eric

Alien Bob · 06-09-2006, 07:04 PM

Quote:

Originally Posted by drkstr

Nice. 3 replies at the same time. You know something is interesting when...

People are always attracted to superpower...

Eric

spirit receiver · 06-09-2006, 07:06 PM

Quote:

Originally Posted by kodon

set the suid bit

This won't work with shell scripts, I'd also recommend using sudo.

kodon · 06-09-2006, 07:16 PM

ahh. never tried it with a script...
i just add stuff like this to my rc.local

but you are correct...even with suid
the script does not inherit the privileges...

evilDagmar · 06-11-2006, 12:25 AM

Quote:

Originally Posted by tank728

There are a couple of ways to do this. Off the top of my head you can do one of two things.

1)
put the script in /usr/local/bin and then in the
/etc/sudoers file all it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt

2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>

*bzzt* Suid scripts are not allowed anymore because they're too easily exploited. This sort of thing has to be done with sudo or some other similar wrapper. Oh you can set the sticky-bit all you like, but the system will ignore it...

Code:

dagmar@scraps:~$ cat proof.sh
#!/bin/bash
echo $UID
dagmar@scraps:~$ ls -al proof.sh
-rwsr-xr-x    1 root     users          22 Jun 11 00:31 proof.sh
dagmar@scraps:~$ ./proof.sh
1000
dagmar@scraps:~$

kodon · 06-11-2006, 12:35 AM

the sticky bit is a completely different subject

Zoko · 06-12-2006, 01:50 AM

I'm going to guess that the suid method wouldn't work because the script isn't being executed, it's invoking a seperate application then feeding it commands. Someone correct me if I'm wrong.

I recommend using sudo. There are numerous ways to configure sudo (the man page is over a thousand lines long) but the answer that Alien Bob provided should work great.

wchild · 06-14-2006, 05:27 AM

Quote:

Originally Posted by kodon

or set the suid bit

Security risk.
Shall be avoided at any costs.

kodon · 06-14-2006, 09:15 AM

read the whole thread

halfpower · 06-14-2006, 10:52 AM

Quote:

Originally Posted by Alien Bob

If you save this

Code:

#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1

under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:

Code:

ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh

then all you need to do to run the script with root privileges and no password asked is this:

Code:

sudo /usr/local/bin/start_wireless.sh

Eric

Thanks AB. That seemed to do the trick. Why though, do I still have to type sudo? Is there any particular reason to put the script in the /usr/local/bin/ directory?