Is it possible to switch between the root/user inside automatic script?
Hello,
I am writing bash script which is building some tools and is setting environment. This scripts make a lot of root stuff like mount, mkfs, make install etc. This script is called by sudo command: Code:
sudo ./build_all.sh Is it possible to switch root to user and return to root after couple lines of script? I know that I can use: Code:
$ su - $MYUSERNAME -c '...' I tried in another way. I called script as an user and then I used sudo to perform install/mount/etc. actions. It looked better, but I had to confirm password after some time of script's execution...so this is not solution (password check does not provide any automation, so it is useless). Do you have any other idea how to do it? Thank you in advance. |
no, you can't change user. you can look to write out a script and then execute it all via duso if that is sufficiant, but you can't become a different user, as that will spawn a new session.
|
Thank you for your answer.
So what is the best solution for making automatic build scripts, for example as following one: Code:
#!/bin/bash |
If you have sudo rights available, then you can first switch to root user, and then invoke it, as:
Code:
sudo su - root |
If I didn't missunderstand you, your solution will execute whole script as a root. Problem is that I wanted to run just couple commands as root and others (like ./configure and make) as non-root user.
|
Is there any specific reason for doing this? Anyway, first thing is that it's not possible to invoke root privillaged command with normal user without supplying a password. Whenever you will do a sudo or su, you will need to supply a password.
In you script (as per the part of script you mentioned), there's nothing problematic, whether root run it or a normal user run it. Althogh one thing is that the directories/files that it will create, will get root's ownership. So you can explicitly provide chwon cmd at the end of your script to change ownership back to you. Besides, you should show where it will cause problem in your script with root's hands. |
Quote:
The thing is that actually you can configure sudo to remove pass request for the user (or remove expiration time keeping user able to sudo without asking him for password again during script execution), but this is stupid idea. Of course there is a reason. I am building/configuring packages, copying user's data and so on... and this is not good idea to use root everywhere (it is not even safe to use root for some operations). I found one solution, which seems to be good for builds but not for everything what I wanted (problem is with some device manipulation commands, where root's rights are still required). I started to use --prefix options during configuration of packages (every package will be installed to user's directory), after all (after execution of build script which is called by su - $USERNAME -c '...') I will use: Code:
# install -g .. -o .. -m .. ..... <prefix_directory> |
You can grab all the commands that require root privileges and move them to another script that is run from your current script via sudo or su. So that all the compiling stuff (and cleaning up) is done by a regular user while the actual setting up the environment is done by root
|
Quote:
Code:
#!/bin/bash |
Thank you ntubski
This is very nice workaround. I really like this solution...but I have to check it because I am not sure it will work :) (I have never use sudo -v option before). Maybe it could be better to attach this process to the script and then it will be terminated automatically after script's execution. Anyway, I found something like: Code:
trap 'kill $(jobs -p)' EXIT Tomorrow I will start real test, but I think that this solution is acceptable. Thank you all for your time. |
I wouldn't recommend this for a multi-user system, but, on my home single-user system, I just edit /etc/sudoers to have a group with the NOPASSWD option, and put myself into that group. Then sudo doesn't prompt me for a password. (Note that, if you wish, you can restrict the "no password required" group to a specific set of commands.)
Note also that the sudoers file is read early in a session, and changes in the file may need a reboot or logout/login sequence before they become active. |
All times are GMT -5. The time now is 11:07 PM. |