[Solved]How you Mix in bash script user and root commands?


#1 Post by bester69 »

Hi,
I don't know what the proper way to get this done is;

I need to use some root commands in a script without giving the user access to those commands outside the script.... I mean, I don't want to sudoer those commands for the user, only the script..

I have something like this:

script.sh
- user_command1, user_command2
- user_command3
- sudo root_command1, sudo root_command2
- sudo root_command3

------
So, my question is: how can I run that user script without being asked for the sudo password (remember, I don't want to sudoer all the commands in the script, only the script)?
/etc/sudoers
user ALL=(ALL:ALL) NOPASSWD: /home/user/scripts.sh


The problem I have is, if I sudoer the script in order to run it without the sudo password, then all of the user command lines within it are executed as root, and the script will mess up a lot of things....

So the only way I found to make this work is by replacing the user command lines with su user -c <<command>>, but this obliges me to change/edit many lines in all my scripts...

SO I DON'T KNOW HOW TO PROCEED HERE! :( , any help? Thanks
Last edited by bester69 on 2019-10-05 18:33, edited 1 time in total.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...


#2 Post by bester69 »

https://superuser.com/questions/1255613 ... ire-script

PERHAPS I should replace all sudo words within scripts with:
echo "$admpass" | sudo -S *COMMAND*

# aliases are only expanded in a bash script after: shopt -s expand_aliases
alias sudo="echo 'XddfC^Q=[' | sudo -S"
sudo admin_command


and create a sudoers script function that queries the admin password ($admpass) from a secret root file. :?:

#3 Post by bester69 »

Ok,
I think the more proper solution is to sudoers the whole script, and add SUDO -U to use only in user writing operations

So I've created an alias function named "suser" to use in the same way as sudo but for user writing operations:

#!/bin/bash
#
# When run through sudo, SUDO_USER holds the invoking user; otherwise use USER.
if [ -n "$SUDO_USER" ]; then
    real_user=$SUDO_USER
else
    real_user=$USER
fi

#function suser { sudo -u "$alias_suser" | suser; }
# Run a single command as the real (unprivileged) user.
suser () { sudo -u "$real_user" "$@" ; }

pathsnap=/media/cache/.snapflag
suser touch /media/cache/.snapflag
....
sudo mount -t btrfs -o subvolid=0 /dev/sda2 ./xZZ

#4 Post by CwF »

Maybe write out the scripts with an open password, then use shc


#5 Post by bester69 »

CwF wrote: Maybe write out the scripts with an open password, then use shc

Hiding the sudo (root) password by using restricted permissions on a plain text file in the root system would be a bad idea? :?:

>> I'm considering using a secrets file with the root password in it, so that only scripts with sudoers can access/call the root password.

This is the code:
>> ENPGP grabs the sudo password (root)


AnyScript.sh (with sudoers)

Code:

#!/bin/bash
#
# Fetch the password once; secrets.sh itself is run through sudo.
export ENPGP=$(sudo ~/scripts/secrets.sh XXYY3)
# sudo wrapper function: feeds the stored password to the real sudo on stdin
sudo () { echo "$ENPGP" | /usr/bin/sudo -S "$@" ; }
# -------------
sudo command1
sudo command1

secrets.sh

Code:

#!/bin/bash
#
# Print the quoted value from the line that matches the key given as $1.
grep -- "$1" /usr/local/share/secrets/secrets | awk -F '"' '{print $2}'

secrets (secrets file with root password)

Code:

XXYY1	"rstfss9fdsf,rib9"
XXYY2	"cbGGns2" # For
XXYY4	"sladkjlajd" # For true
XXYY5	"FcQ6sddJe9S6" # For true
Last edited by bester69 on 2019-10-05 23:42, edited 2 times in total.

#6 Post by bester69 »

Or another development that seems to be more worthy:

script_launcher.sh (with sudoers)

Code:

#!/bin/sh
#
# Runs as root via sudoers: read the password, then start the user script as
# "user" with the password in its environment.
ENGP=$(sudo /home/user/scripts/secrets.sh XXYY7)  su user -c "/home/user/scripts/MyUserScript.sh"

It grabs the root password and passes it to MyUserScript, which runs with user permissions.

MyUserScript.sh

Code:

#!/bin/sh
#
# Authenticate to sudo once with the password taken from the environment ...
echo "$ENGP" | sudo -S ls
# ... then drop the variable from this shell.
unset ENGP

touch /home/user/without_root.txt
sudo touch /home/user/with_root.txt

We execute (sudo -S) only once at the beginning of the script by passing the root password from the environment, then we immediately clear the environment password (ENGP) for security, and then the rest of the script is able to use sudo without passing the root password.

This last solution looks pretty great.. :D :o :), I wonder if it has any drawback I don't see right now
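
Added example, not code from the thread: the scheme in post #6 relies on `unset ENGP` to remove the password, but `unset` only changes what the shell hands to commands it starts afterwards; the environment block the process was started with stays in `/proc/<pid>/environ` for as long as the script runs. The sketch below assumes Linux `/proc`; the function name and the sample value are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Linux /proc assumed; the function name
# and the sample value are constructed for the demonstration.
# initial_env_after_unset NAME VALUE
# Starts a child shell with NAME=VALUE in its environment, lets the child
# unset NAME, then reports what is still visible from two viewpoints.
initial_env_after_unset() {
    env "$1=$2" sh -c '
        name=$1
        unset "$name"
        # Viewpoint 1: programs started by the script after the unset.
        if printenv "$name" > /dev/null; then
            echo "child-env: still set"
        else
            echo "child-env: cleared"
        fi
        # Viewpoint 2: the environment block recorded at exec time, readable
        # by root and normally by other processes of the same user.
        if tr "\000" "\n" < "/proc/$$/environ" | grep -q "^$name="; then
            echo "proc-environ: still present"
        else
            echo "proc-environ: cleared"
        fi
    ' sh "$1"
}
```

Calling `initial_env_after_unset ENGP some-sample-value` prints one line per viewpoint.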


#7 Post by CwF »

bester69 wrote:
CwF wrote: Maybe write out the scripts with an open password, then use shc
Hiding the sudo (root) password by using restricted permissions on a plain text file in the root system would be a bad idea? :?:

It would be 'obfuscated'
https://packages.debian.org/bullseye/shc


#8 Post by bester69 »

CwF wrote:
bester69 wrote:
CwF wrote: Maybe write out the scripts with an open password, then use shc
Hiding the sudo (root) password by using restricted permissions on a plain text file in the root system would be a bad idea? :?:
It would be 'obfuscated'
https://packages.debian.org/bullseye/shc

It sounds very interesting, I'm going to give it a look.. I would like to just store my secret passwords file in the compiled script to increase obfuscation, with some kind of "select case decoding", plus sudoers invoking

#9 Post by Dai_trying »

would this page help.


#10 Post by wizard10000 »

The way I do it is run the script under the root account and su to an unprivileged user if needed. My backup scripts do this, here's one of them you can use for an example -

Code:

#!/bin/bash

su -l wizard -c "/usr/bin/bleachbit -c --preset"
/usr/bin/bleachbit -c --preset

if mountpoint -q /media/internal
  then
    rsync -aEquX /root /media/internal/laptop/archive --delete
    rsync -aEquX  /etc /media/internal/laptop/archive --delete
    su -l wizard -c "rsync -aEquX --exclude-from=/home/wizard/.config/rsync/exclude  /home/wizard /media/internal/laptop/home --delete"
    su -l wizard -c "rsync -aEquX  192.168.1.102:/media/external/Videos /media/internal --delete"
    su -l wizard -c "rsync -aEquX  192.168.1.102:/media/external/Music /media/internal --delete"
    su -l wizard -c "rsync -aEquX --exclude-from=/home/wizard/.config/rsync/exclude  192.168.1.102:/media/external/server /media/internal --delete"
    chown -hR wizard:wizard /media/internal
    /usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --exclude-from /root/.config/rclone/rclone-exclude --delete-during --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /media/internal/laptop remote:private/laptop
    /usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --delete-during --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /home/wizard/Documents remote:private/documents
    /usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --delete-during --copy-links --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /home/wizard/software remote:private/software
    rclone cleanup remote:
  fi
swapoff -a && swapon -a
exit 0

Hope this helps -
we see things not as they are, but as we are.
-- anais nin


#11 Post by bester69 »

wizard10000 wrote: The way I do it is run the script under the root account and su to an unprivileged user if needed. My backup scripts do this, here's one of them you can use for an example -

Thanks, I see

My idea was not having to mess with all my scripts too much.. I like a lot my own idea of passing the root password through a secrets function (invoked with sudo through a sudoers launcher script), then running the script as a regular user, passing it the root password (PASSADMIN="rootpassword" su user -c Myscript.sh), then executing only once, at the beginning, "PASSADMIN | sudo -S" (get the password from the called function), and then immediately clearing the root password picked up from the environment (unset PASSADMIN).. so no one can intercept the root password in the environment. All this keeps working in the same way as if you had typed the sudo password on the keyboard when you launch a script with "sudos" within it as a regular user. But I've read somewhere that this only works if the script flow doesn't have gaps between sudo calls longer than 5 minutes (I don't know if this is true). If that were the case, we could call "PASSADMIN | sudo -S" every time by using a sudo wrapper function like: sudo () { echo "$ENPGP" | /usr/bin/sudo -S "$@" ; } , which seems to have no problems at all, and saves you from modifying all the sudos in the script.

Right now, I'm implementing your way, but using "sudo -u" instead of "su -c", and putting it only in writing operations (where permissions can be changed); I'm using an alias function called "suser" for (sudo user -c), to get cleaner code, like this:

btrfshomeupd.sh

Code:

#!/bin/bash
#
# When run through sudo, SUDO_USER holds the invoking user; otherwise use USER.
if [ -n "$SUDO_USER" ]; then
    real_user=$SUDO_USER
else
    real_user=$USER
fi
#function suser { sudo -u "$alias_suser" | suser; }
# Run a single command as the real (unprivileged) user.
suser () { sudo -u "$real_user" "$@" ; }

pathsnap=/media/cache/.snapflag
suser touch /media/cache/.snapflag

suser snapper -c home delete  $(cat "$pathsnap")
A=$(suser snapper -c home create -p -d HomeActu)
echo "HomeActualiza con Numero: $A"
# A redirection on the suser line would be opened by the calling shell, so
# write the file through tee running as the real user.
echo "$A" | suser tee "$pathsnap" > /dev/null

So I can run the script both ways, as a user or as admin (with sudoers).

Thanks for help, thanks Wizard :)
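
Added example, not part of any post in the thread: a NOPASSWD sudoers entry for a script, like the `/home/user/scripts.sh` line in post #1 and the sudoers'ed scripts in posts #3 and #11, gives root to whoever can modify that file or replace a directory on its path. The check below (GNU `stat` and `readlink -f` assumed; `tamper_findings` and its arguments are hypothetical names) lists every path component that is not owned by the trusted UID or is group/world writable.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and readlink -f (Debian).
# tamper_findings FILE [TRUSTED_UID] [STOP_DIR]   (hypothetical helper)
# Walks from FILE up to STOP_DIR (default /) and prints one finding per path
# component that someone other than TRUSTED_UID (default 0, root) could change.
# Returns 0 when there are no findings, 1 otherwise.
tamper_findings() {
    tf_trusted=${2:-0}
    tf_rc=0
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    tf_path=$(readlink -f -- "$1")
    tf_stop=$(readlink -f -- "${3:-/}")
    while :; do
        tf_uid=$(stat -c %u -- "$tf_path")
        tf_mode=$(stat -c %a -- "$tf_path")
        if [ "$tf_uid" != "$tf_trusted" ]; then
            echo "owner uid $tf_uid, expected $tf_trusted: $tf_path"
            tf_rc=1
        fi
        # Leading 0 makes the mode octal; 022 = group-write | other-write.
        if [ $(( 0$tf_mode & 022 )) -ne 0 ]; then
            echo "group/world writable (mode $tf_mode): $tf_path"
            tf_rc=1
        fi
        if [ "$tf_path" = "$tf_stop" ] || [ "$tf_path" = "/" ]; then
            break
        fi
        tf_path=$(dirname -- "$tf_path")
    done
    return "$tf_rc"
}
```

Run it as `tamper_findings /home/user/scripts.sh` before adding such a sudoers line; a script kept under a user's home directory normally produces findings, while a root-owned copy in a directory chain that only root can write produces none.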
