Adding root privileges to a bash script

I need to add root privileges to a bash script which uses sudo, so that whenever we run the script from the terminal, irrespective of whether the user is root or not, it does not prompt for a password. Please help! Doing "Run Bash Script as Root" did not help.

2

4 Answers

The best solution would be to use visudo (this tool was made for that and will avoid exposing the root password); I suggest you dig into what is going wrong with that.

As a workaround, you can run this:

echo <password> | sudo -S some-script

(start the command with a space so it won't be saved in bash history).

Regards.
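As an added illustration of the visudo route recommended in the answer above (not code from any of the answers), this sketch emits a NOPASSWD sudoers rule for a single script, but only after checking that the unprivileged user cannot edit or replace that script. It checks the script and its containing directory only; the names `sudoers_rule`, `locked_down` and `TRUSTED_UID`, the user `alice` and the sample paths are assumptions.

```sh
#!/bin/sh
# Added example, not code from the answers above.
# Assumes Linux and a stat(1) that supports -c (GNU coreutils or busybox).
# TRUSTED_UID is a hypothetical knob for this sketch; leave it at 0 (root).
TRUSTED_UID="${TRUSTED_UID:-0}"

# True only if $1 is owned by TRUSTED_UID and has no group/other write bit.
# stat does not follow symlinks here, so a symlink (mode 777) is rejected.
locked_down() (
    info=$(stat -c '%u %a' -- "$1" 2>/dev/null) || exit 1
    uid=${info% *}
    mode=${info#* }
    [ "$uid" = "$TRUSTED_UID" ] && [ $(( 0$mode & 022 )) -eq 0 ]
)

# Print a NOPASSWD rule letting user $1 run script $2 as root, or fail with
# a reason on stderr when the unprivileged user could edit or swap the script.
# Only the script and its directory are audited; ancestors matter as well.
sudoers_rule() (
    user=$1
    script=$2
    refuse() { echo "refusing: $1" >&2; exit 1; }
    case $script in
        /*) ;;
        *) refuse "'$script' is not an absolute path" ;;
    esac
    case $script in
        *[!A-Za-z0-9/._-]*) refuse "'$script' needs sudoers escaping" ;;
    esac
    [ -f "$script" ] && [ ! -L "$script" ] || refuse "'$script' is not a regular file"
    locked_down "$script" || refuse "'$script' can be edited by a non-root user"
    locked_down "$(dirname -- "$script")" ||
        refuse "the directory of '$script' lets a non-root user replace it"
    # The trailing "" makes sudo reject any command-line arguments.
    printf '%s ALL=(root) NOPASSWD: %s ""\n' "$user" "$script"
)

# Typical use as root (alice and the paths are constructed sample values):
#   sudoers_rule alice /usr/local/sbin/task.sh > /root/task.sudoers
#   visudo -cf /root/task.sudoers &&
#       install -m 0440 -o root -g root /root/task.sudoers /etc/sudoers.d/task
```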

It is very unwise to create a security hole by elevating rights (something that I oppose) without any form of identity check, but if your script is non-interactive and the system is in complete control of the script itself (that means that the user can't fiddle with it), there are several ways to do this in a safe way. I give you some examples using a kind of makeshift "event triggers" (yes, stretching the definition a bit).

This one should be started beforehand by the server (in /etc/rc.local or something like that); this script has "root" permission.

#!/bin/bash
CMD="/path/to/a/directory/the/user/has/rights/to/write/into"
mkdir -p "$CMD"
while :
do inotifywait -q -e moved_to "$CMD" >/dev/null && /path/to/script/you/want/to/run.sh
done

The second one is the script that the user invokes; it has no root permission:

#!/bin/bash
CMD="/path/to/a/directory/the/user/has/rights/to/write/into"
touch dummyfile ; mv dummyfile "$CMD"

As you can see, the user has no elevated rights and also can't do anything beyond "pushing the button". If the client moves something into the prepared directory, the server script gets a signal that it has to run your script.

Another way (less secure) to do this is using sockets:

First, again, a script invoked by the server (just like in the first example):

#!/bin/bash
PORTNUMBER="12345" #or whatever you like and not in use
while :
do nc -l localhost $PORTNUMBER >/dev/null && /path/to/script/you/want/to/run.sh
done

Then a client script:

#!/bin/bash
PORTNUMBER="12345" #or whatever you like and not in use
echo "something" | nc localhost $PORTNUMBER

The last line can also be replaced with:

echo "something" >/dev/tcp/localhost/$PORTNUMBER

Here again: an echo to a socket will signal the server script to run your script.

And of course this can also be done with named pipes, but you get the idea :-)

Keeping in mind that by doing this you are allowing anyone to run it, I believe you need to chmod it by giving it the appropriate permission; 0755 should do it.

2

Have you tried setting a sticky bit on the file, so when it's run it'll run as root?

You can run chmod 2777 on the file and chown root on the file to give it to root.

Now, anyone who executes the file will be running it as root.

2
