9

When executing a shell script, how does sudo come into play in the following?

# script.sh
ls /root
sudo ls /root

Now, if I run $ sudo ./script.sh or $ ./script.sh what will be the difference? For example:

  1. Do all commands that are run with sudo ./script.sh automatically prepend a "sudo" to that command?
  2. Is the sudo ls /root line valid? Or should the line instead be ls /root and require root invocation?

Basically, I'm trying to figure out the difference in a line-item being run as sudo, or the script itself being run as sudo.

4
  • Just run both and see the difference? It's really unclear what you're asking here. Commented Jul 15, 2020 at 3:48
  • Within a script, before a command that requires elevated privilege, you check the UID (and/or EUID) of the current user. If it isn't 0 and root privileges are needed, then you can use sudo to execute the command (or start a separate subshell if more than a simple command is involved). E.g.
      if [ "$UID" -ne 0 -a "$EUID" -ne 0 ]; then # use sudo
    If you have a certain user that should be able to sudo without a password -- add that user to the wheel group and, as root, run visudo and configure (uncomment) the desired line at the end. Commented Jul 15, 2020 at 3:51
  • @DavidC.Rankin thanks -- want to put that in an answer and I can accept? Commented Jul 15, 2020 at 16:58
  • Sure, give me a minute and I'll write it up. Commented Jul 15, 2020 at 18:02

2 Answers

5

If you have a script that requires elevated privileges for certain commands, one way to handle those commands is with sudo. Before using sudo, there are several considerations for configuring its use. For instance, if you have certain users you want to be able to run commands with sudo and further to run sudo without being prompted for a password, you need a bit of configuration first. sudo is configured through the visudo utility. For most uses of sudo you will simply need to uncomment options at the end of the file. However, to allow users to run sudo without a password, you will also need to add those users to the wheel group (some distros now use a sudo group -- check). After adding users to the wheel group, to allow them to use sudo without a password, you would run visudo and uncomment the following line:

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL

With sudo configured, then within a script, if elevated (root) privileges are needed, you simply need to check whether the user UID (and/or EUID) are equal to zero, indicating the user is root; if not, then you use sudo to run the command. You can structure the test in the negative or in the positive to fit your taste, e.g.

if [ "$UID" -eq 0 -o "$EUID" -eq 0 ]; then
    command
else
    sudo command
fi

or

if [ "$UID" -ne 0 -a "$EUID" -ne 0 ]; then
    sudo command
else
    command
fi

If your command is not a simple command, but instead contains redirections or pipelines, then you must run the entire command with sudo, not just the first command in the list. To do so, just use sudo bash -c "your long command" to ensure elevated privileges are available to each part of a compound command that needs it. For example, if you attempt:

sudo cat /etc/sudoers > sudoersbackup

The command will fail. While cat has the elevated privileges to read the file, the > redirection is run as the regular user and will fail due to lack of permission. To handle that circumstance, you can do:

sudo bash -c "cat /etc/sudoers > sudoersbackup"

That ensures elevated privileges are available to the entire command.
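
The pattern described in the answer above, as an added example that is not code from either answerer; the helper names current_euid, as_root, root_copy and invoking_user are hypothetical. It uses id -u instead of bash's $UID/$EUID so it also works under plain sh, and it passes file names to the elevated shell as arguments rather than pasting them into the -c string:

```shell
#!/bin/sh
# Added example, not from the original answers. Helper names are hypothetical.

# Effective UID of the running shell. `id -u` is POSIX; $UID and $EUID exist
# only in bash. Kept in a function so it can be stubbed for a dry run.
current_euid() { id -u; }

# Run one simple command as root: directly when the whole script was started
# with sudo (or by root), through sudo otherwise.
as_root() {
    if [ "$(current_euid)" -eq 0 ]; then
        "$@"
    else
        sudo -- "$@"
    fi
}

# Copy SRC ($1) to DST ($2) when both the read and the write need root.
# The redirection must happen inside the elevated shell. The paths are handed
# over as positional parameters instead of being interpolated into the -c
# string, so a name containing spaces, quotes or ';' is never parsed as shell
# code by the root shell.
root_copy() {
    as_root sh -c 'cat -- "$1" > "$2"' sh "$1" "$2"
}

# Who is really behind the process: sudo sets SUDO_USER to the invoking user,
# so it is present under `sudo ./script.sh` and absent under `./script.sh`.
invoking_user() {
    printf '%s\n' "${SUDO_USER:-$(id -un)}"
}

# Demo, only when called as: sh example.sh demo
if [ "${1:-}" = "demo" ]; then
    echo "euid=$(current_euid) invoked by $(invoking_user)"
    as_root ls /root
fi
```

Started as sudo ./script.sh, every line already runs as root and as_root never calls sudo; started as ./script.sh, only the wrapped commands are elevated.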


0

SUDO stands for "super user do". Basically it is a keyword that when prefixed before any other command, will force that command to run with elevated privileges. Certain commands require elevated privileges. There should be a file located at /etc/sudoers which provides a list of users or user groups who have permission to execute privileged commands.

So if your shell script requires no special privileges to run (which I expect it does not), then sudo ./script.sh should be equivalent to bash script.sh or ./script.sh.
