LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-09-2006, 07:43 PM   #1
halfpower
Member
 
Registered: Jul 2005
Distribution: Slackware
Posts: 244

Rep: Reputation: 31
Shell Script with Superuser Power?


I want a shell script to have root privileges. I don't want it to ask for a password and I want the command line returned to the user who invoked the command without out superuser privileges and in the same shell that it was in before hand. I have the file

Code:
#!/bin/sh
su
password

/sbin/insmod rt2500.o
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1

su echo $USER
This does not work the way I want it to. It even prints the root password to the screen. How can I accomplish this task?
 
Old 06-09-2006, 07:50 PM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
If you save this
Code:
#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1
under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:
Code:
ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh
then all you need to do to run the script with root privileges and no password asked is this:
Code:
sudo /usr/local/bin/start_wireless.sh

Eric
 
Old 06-09-2006, 07:52 PM   #3
tank728
Member
 
Registered: Sep 2003
Posts: 142

Rep: Reputation: 17
There are a couple of ways to do this. Off the top of my head you can do one of two things.

1)
put the script in /usr/local/bin and then in the
/etc/sudoers file all it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt

2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>

also I would check to make sure you are root before running the script put something like this in the first few lines of the script.
Code:
if[ "$USER" != "root" ]; then
   echo "exiting...you need to be root"
   exit 1
fi
you beat me to it, must be a slow typist
 
Old 06-09-2006, 07:53 PM   #4
kodon
Member
 
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796

Rep: Reputation: 31
*duplicate post*

Last edited by kodon; 06-14-2006 at 12:33 PM.
 
Old 06-09-2006, 08:01 PM   #5
drkstr
Senior Member
 
Registered: Feb 2006
Location: Seattle, WA: USA
Distribution: Slackware 11.0
Posts: 1,191

Rep: Reputation: 45
Nice. 3 replies at the same time. You know something is interesting when...

regards,
...drkstr
 
Old 06-09-2006, 08:03 PM   #6
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
Quote:
Originally Posted by tank728
also I would check to make sure you are root before running the script
He wanted a script that runs with root privileges, without the user being root (or having any chance of obtaining root privileges) at all.
Remember to make the script readonly for everyone by the way... I will leave it to your imagination as to the why.

Also, setting the suid bit just like that, on a shell script, is unwise because that is inheritly dangerous.

Eric
 
Old 06-09-2006, 08:04 PM   #7
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,559

Rep: Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116Reputation: 8116
Quote:
Originally Posted by drkstr
Nice. 3 replies at the same time. You know something is interesting when...
People are always attracted to superpower...

Eric
 
Old 06-09-2006, 08:06 PM   #8
spirit receiver
Member
 
Registered: May 2006
Location: Frankfurt, Germany
Distribution: SUSE 10.2
Posts: 424

Rep: Reputation: 33
Quote:
Originally Posted by kodon
set the suid bit
This won't work with shell scripts, I'd also recommend using sudo.
 
Old 06-09-2006, 08:16 PM   #9
kodon
Member
 
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796

Rep: Reputation: 31
ahh. never tried it with a script...
i just add stuff like this to my rc.local

but you are correct...even with suid
the script does not inherit the privileges...
 
Old 06-11-2006, 01:25 AM   #10
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Quote:
Originally Posted by tank728
There are a couple of ways to do this. Off the top of my head you can do one of two things.

1)
put the script in /usr/local/bin and then in the
/etc/sudoers file all it root permissions without a
password. Then when you invoke the script do
sudo <script> and you will not get a password prompt

2)
Set the setuid bit with the chmod command, I am sure
what the exact options would be but maybe
chmod 2755 <script>
*bzzt* Suid scripts are not allowed anymore because they're too easily exploited. This sort of thing has to be done with sudo or some other similar wrapper. Oh you can set the sticky-bit all you like, but the system will ignore it...

Code:
dagmar@scraps:~$ cat proof.sh
#!/bin/bash
echo $UID
dagmar@scraps:~$ ls -al proof.sh
-rwsr-xr-x    1 root     users          22 Jun 11 00:31 proof.sh
dagmar@scraps:~$ ./proof.sh
1000
dagmar@scraps:~$
 
Old 06-11-2006, 01:35 AM   #11
kodon
Member
 
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796

Rep: Reputation: 31
the sticky bit is a completely different subject
 
Old 06-12-2006, 02:50 AM   #12
Zoko
Member
 
Registered: May 2004
Location: Morgantown, West Virginia
Distribution: Gentoo 2007.0, Straw Hat Linux
Posts: 31

Rep: Reputation: 15
I'm going to guess that the suid method wouldn't work because the script isn't being executed, it's invoking a seperate application then feeding it commands. Someone correct me if I'm wrong.

I recommend using sudo. There are numerous ways to configure sudo (the man page is over a thousand lines long) but the answer that Alien Bob provided should work great.
 
Old 06-14-2006, 06:27 AM   #13
wchild
Member
 
Registered: Mar 2006
Distribution: Slackware
Posts: 63

Rep: Reputation: 15
Quote:
Originally Posted by kodon
or set the suid bit
Security risk.
Shall be avoided at any costs.
 
Old 06-14-2006, 10:15 AM   #14
kodon
Member
 
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796

Rep: Reputation: 31
read the whole thread
 
Old 06-14-2006, 11:52 AM   #15
halfpower
Member
 
Registered: Jul 2005
Distribution: Slackware
Posts: 244

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by Alien Bob
If you save this
Code:
#!/bin/sh
/sbin/ifconfig ra0 inet 192.168.1.234 up
/sbin/route add default gw 192.168.1.1
under the name, say, /usr/local/bin/start_wireless.sh and make it executable, then add this line to the /etc/sudoers file:
Code:
ALL ALL = NOPASSWD: /usr/local/bin/start_wireless.sh
then all you need to do to run the script with root privileges and no password asked is this:
Code:
sudo /usr/local/bin/start_wireless.sh

Eric
Thanks AB. That seemed to do the trick. Why though, do I still have to type sudo? Is there any particular reason to put the script in the /usr/local/bin/ directory?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell Scripting: Getting a pid and killing it via a shell script topcat Programming 15 10-28-2007 03:14 AM
I made a shortcut to a shell script and it is using default shell icon... shlinux Linux - Software 2 04-20-2006 07:29 AM
Alias or shell script to confirm 'exit' commands from a shell rose_bud4201 Programming 2 03-08-2006 03:34 PM
shell script problem, want to use shell script auto update IP~! singying304 Programming 4 11-29-2005 06:32 PM
I do not have superuser power halfpower Debian 4 08-20-2005 10:02 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration