2

I would like to check if the user has sudo privileges. This is an approximate example of what I am trying to do. I am trying to get this to work across the following OSes: CentOS, Ubuntu, Arch.

if userIsSudo; then
 chsh -s $(which zsh)
fi

5 Answers 5

4

sudo -l will display the commands that the user can run with sudo privileges. If there are no commands that can be run, sudo -l will return an error code and so you could try:

sudo -l && chsh -s $(which zsh)

3 Comments

In my case, I had to do it like so: if sudo -l &> /dev/null (to remove any output), but it works as it should and doesn't prompt for a password.
@AndriusSolopovas - what does it do if a user who doesn't have sudo privileges runs it? For me, on Ubuntu 20.04, an unprivileged user gets prompted for a password with -l, but not with -v. With privileged users it's the other way around.
@tink I can't remember everything from 3 years back, but I can confirm that -l caused a password prompt on my Linux Mint and my WSL on Windows. I think back then I was on Arch and it worked fine with -l. I wonder why it inhibits such behaviour; maybe the /etc/sudoers conf varies from distribution to distribution?

3

Try with this:

$ sudo -v &> /dev/null && echo "Sudoer" || echo "Not sudoer"

Also, IDK how secure searching for their membership in the sudo group would be, i.e.:

$ groups "$(id -un)" \
    | grep -qE ' sudo( |$)' \
        && echo In sudo group \
        || echo Not in sudo group

Or:

$ getent group sudo \
    | grep -qE "(:|,)$(id -un)(,|$)" \
        && echo in sudo group \
        || echo not in sudo group

4 Comments

The first example, I think, is perfect.
sudo -v &> /dev/null queries the password on execution on Arch Linux.
I didn't know you were using Arch. You could put the password or use the other options.
It also prompts for a password on Ubuntu ...

2

Usually when you run a script you want to know whether it ended well or you got an error, and what kind of error you got if there was any.

This is a more elaborate snippet, sudoer-script.sh:

#!/usr/bin/env bash

## Define error code
E_NOTROOT=87 # Non-root exit error.

## Check if the user is a sudoer
if ! sudo -l &> /dev/null; then
    echo 'Error: root privileges are needed to run this script' >&2
    exit $E_NOTROOT
fi

## do something else you 

## means it was successfully executed
exit 0

Now you can reuse your script, pipe it or concatenate it with other commands:

./sudoer-script.sh && ls

## in a script
if ./sudoer-script.sh; then
  echo 'success'
fi

## capture error
stderr=$(./sudoer-script.sh 2>&1 >/dev/null)
echo "$stderr"

As a function:

is_sudoer() {
    ## Define error code
    local E_NOTROOT=87 # Non-root exit error.

    ## Check if the user is a sudoer
    if ! sudo -l &> /dev/null; then
        echo 'Error: root privileges are needed to run this script' >&2
        return $E_NOTROOT
    fi
    return 0
}

if is_sudoer; then
    echo "Sudoer"
else
    echo "Not sudoer"
fi

Comments

1

A potentially more consistent solution is to re-validate (-v/--validate), get the password from standard input (-S/--stdin), and close stdin for the duration of the command (0<&-/<&-); if you have privileges, it'll return successfully, and if you don't, it will attempt to read from the closed pipe and immediately error out. Pairing this with closing or redirecting stdout & stderr (&>/dev/null) will result in a completely silent check for the sudo status. Closing standard input is a pretty consistent way to make a lot of programs/scripts that require user input from the command line at some point to fail once they get there.

if sudo -S -v <&- &>/dev/null; then
    echo "You are a Super User"
else
    echo "You are not a Super User"
fi

Comments

0

Here is a modified example of Cuauhtli's logic.

I stored a boolean (0 = false, 1 = true) response instead:

#!/usr/bin/env bash

IS_SUDOER=$(sudo -v &> /dev/null && echo 1 || echo 0)

if [[ "$IS_SUDOER" -eq 1 ]]; then
    sudo chown root /path/to/some/restricted/file
    sudo chmod 4755 /path/to/some/restricted/file
else
    echo "WARNING: Privileged account required to alter file permissions"
fi

And here is my modified example of Teocci's logic.

#!/usr/bin/env bash

is_sudoer() {
    local ERR_NOT_ROOT=87
    if ! sudo -v &> /dev/null; then
        #echo "Error: Must be a privileged user to execute"
        return $ERR_NOT_ROOT
    fi
    return 0
}

if is_sudoer; then
    echo "Access granted!"
else
    echo "Permission denied!"
fi

Comments
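
Several comments above report that sudo -l and sudo -v prompt for a password on some distributions. The sketch below is an added example, not code from any of the answers: it uses sudo's -n (non-interactive) flag so the check never prompts, and tells "password needed" apart from "not permitted". SUDO_BIN and sudo_status are hypothetical names, and the matched error strings assume sudo's English (C locale) messages, which can differ between sudo versions.

```shell
#!/bin/sh
# Added example: classify the current user's sudo status without prompting.
# SUDO_BIN is a hypothetical override so the check can be run against a stub.
SUDO_BIN="${SUDO_BIN:-sudo}"

# Prints one of: passwordless | needs-password | not-allowed | unknown
# Returns 0 only when sudo is usable right now without a password prompt
# (cached credentials, or sudoers rules that require no password).
sudo_status() {
    # -n (--non-interactive): fail instead of asking for a password.
    # -v (--validate): refresh cached credentials, run no command.
    # LC_ALL=C pins the wording matched below; stdin is detached so
    # nothing can block waiting for input. Only stderr is captured.
    if err=$(LC_ALL=C "$SUDO_BIN" -n -v 2>&1 </dev/null >/dev/null); then
        echo passwordless
        return 0
    fi
    # Assumption: these substrings match sudo's C-locale error messages.
    case $err in
        *"a password is required"*)
            echo needs-password
            return 1 ;;
        *"may not run sudo"*|*"not in the sudoers"*)
            echo not-allowed
            return 2 ;;
        *)
            # sudo missing, policy plugin error, or unrecognised wording.
            echo unknown
            return 3 ;;
    esac
}

# Report the status of the invoking user; never blocks on a prompt.
printf 'sudo status: %s\n' "$(sudo_status)"
```

A result of needs-password means the user may still be a sudoer; only an interactive sudo call can confirm that, so scripts that must stay silent should treat it as "cannot elevate right now".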
