[Solved]How you Mix in bash script user and root commands?
Hi,
I don't know what the proper way to get this done is;
I need to use some root commands in a script without giving the user access to those commands outside the script... I mean, I don't want to add those commands to sudoers for the user, only the script.
I have something like this:
script.sh
- user_command1, user_command2
- user_command3
- sudo root_command1, sudo root_command2
- sudo root_command3
------
So, my question is: how can I run that user script without being asked for the sudo password (remember, I don't want to put every command in the script in sudoers, only the script)?
/etc/sudoers
user ALL=(ALL:ALL) NOPASSWD: /home/user/scripts.sh
The problem I have is that if I put the script in sudoers in order to run it without the sudo password, then all of the user command lines within it are executed as root, and the script will mess up a lot of things...
So the only way I found to make this work is by replacing the user command lines with su user -c <<command>>, but this obliges me to change/edit many lines in all my scripts...
So I don't know how to proceed here! Any help? Thanks
Last edited by bester69 on 2019-10-05 18:33, edited 1 time in total.
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
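Added example, not part of the original posts: the rule `NOPASSWD: /home/user/scripts.sh` quoted above hands root to anyone who can modify that file or a directory above it, so a sudoers target should be root-owned and not group/other-writable along its whole path. This POSIX shell function checks that; the optional TOP and TRUSTED_UID arguments are assumptions added so it can be tried on a scratch tree, and it relies on the GNU/busybox forms of `stat -c` and `readlink -f`.

```shell
#!/bin/sh
# audit_sudo_target FILE [TOP] [TRUSTED_UID]   (added example; names are hypothetical)
# Walks from FILE up to TOP (default /) and prints every path component that
# is not owned by TRUSTED_UID (default 0 = root) or is group/other-writable.
# Returns 0 if the whole path is clean, 1 if anything was flagged, 2 on error.
audit_sudo_target() {
    cur=$(readlink -f -- "$1") || return 2          # resolve symlinks first
    top=$(readlink -f -- "${2:-/}") || return 2
    trusted=${3:-0}
    findings=0
    while :; do
        owner=$(stat -c %u -- "$cur") || return 2   # numeric owner uid
        mode=$(stat -c %a -- "$cur") || return 2    # octal permission bits
        if [ "$owner" != "$trusted" ]; then
            echo "UNSAFE owner uid=$owner: $cur"
            findings=1
        fi
        # 022 = write bit for group and for other
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "UNSAFE mode $mode (group/other writable): $cur"
            findings=1
        fi
        [ "$cur" = "$top" ] && break
        [ "$cur" = "/" ] && break
        cur=$(dirname -- "$cur")                    # a writable parent allows
    done                                            # swapping the file itself
    return "$findings"
}

# Typical call, using the path from the sudoers rule in the post:
#   audit_sudo_target /home/user/scripts.sh
```

A script under a user's home directory is flagged on its owner alone; a clean result is what you would expect from a root-owned helper under a directory such as /usr/local/sbin.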
Re: How do I Mix in bash script user and root commands?
https://superuser.com/questions/1255613 ... ire-script
Perhaps I should replace all sudo words within the scripts with:
echo $admpass | sudo -S *COMMAND*
alias sudo="echo 'XddfC^Q=[' | sudo -S"
$sudo admin_command
and create a sudoers script function that queries the admin password ($admpass) from a secret root file.
Re: How do I Mix in bash script user and root commands?
Ok,
I think the most proper solution is to put the whole script in sudoers, and add sudo -u to use only in user writing operations.
So I've created an alias function named "suser" to use in the same way as sudo, but for user writing operations:
#!/bin/bash
#
if [ -n "$SUDO_USER" ]; then
real_user=$SUDO_USER
else
real_user=$USER
fi
#function suser { sudo -u "$alias_suser" | suser; }
suser () { sudo -u "$real_user" "$@" ; }
pathsnap=/media/cache/.snapflag
suser touch /media/cache/.snapflag
....
sudo mount -t btrfs -o subvolid=0 /dev/sda2 ./xZZ
Re: [Solved]How you Mix in bash script user and root comman
CwF wrote: Maybe write out the scripts with an open password, then use shc

Hiding sudo (root password) by using restricted permissions in a plain text file in root system would be a bad idea?
>> I'm considering using a secrets file with the root password within it, and only scripts with sudoers can access/call the root password.
This is the code:
>> ENPGP grabs the sudo password (root)
AnyScript.sh (with sudoer)
Code: Select all
#!/bin/bash
#
export ENPGP=$(sudo ~/scripts/secrets.sh XXYY3)
#function sudo wrapper
sudo () { echo "$ENPGP" | /usr/bin/sudo -S "$@" ; }
# -------------
sudo command1
sudo command1
Code: Select all
#!/bin/bash
#
# look up the entry named by the first argument and print the quoted value
grep -- "$1" /usr/local/share/secrets/secrets | awk -F '"' '{print $2}'
Code: Select all
XXYY1 "rstfss9fdsf,rib9"
XXYY2 "cbGGns2" #Para
XXYY4 "sladkjlajd" #Para true
XXYY5 "FcQ6sddJe9S6" #Para true
Last edited by bester69 on 2019-10-05 23:42, edited 2 times in total.
Re: [Solved]How you Mix in bash script user and root comman
Or another development that seems to be more worthy:
sritpt_launcher.sh (with sudoer)
It grabs the root password and passes it to MyUserScript, which runs with user permissions.
MyUserScript.sh
We execute (sudo -S) only once at the beginning of the script, passing the root password from the environment, then we immediately clear the environment password (ENGP) for security, and then the rest of the script is able to use sudo without passing the root password.
This last solution looks pretty great. I wonder if it has any drawback I don't see right now.
sritpt_launcher.sh (with sudoer)
Code: Select all
#!/bin/sh
#
ENGP=$(sudo /home/user/scripts/secrets.sh XXYY7) su user -c "/home/user/scripts/MyUserScript.sh"
MyUserScript.sh
Code: Select all
#!/bin/sh
#
echo "$ENGP" | sudo -S ls
unset ENGP
touch /home/user/without_root.txt
sudo touch /home/user/with_root.txt
Re: [Solved]How you Mix in bash script user and root comman
bester69 wrote:
CwF wrote: Maybe write out the scripts with an open password, then use shc
Hiding sudo (root password) by using restricted permissions in a plain text file in root system would be a bad idea?

It would be 'obfuscated'
https://packages.debian.org/bullseye/shc
Re: [Solved]How you Mix in bash script user and root comman
CwF wrote:
bester69 wrote:
CwF wrote: Maybe write out the scripts with an open password, then use shc
Hiding sudo (root password) by using restricted permissions in a plain text file in root system would be a bad idea?
It would be 'obfuscated'
https://packages.debian.org/bullseye/shc

It sounds very interesting, I'm going to give it a look. I would like to just store my secret passwords file in the compiled script to increase obfuscation, with some kind of "select case decoding", plus sudoers invoking.
- wizard10000
Re: [Solved]How you Mix in bash script user and root comman
The way I do it is run the script under the root account and su to an unprivileged user if needed. My backup scripts do this, here's one of them you can use for an example -
Hope this helps -
Code: Select all
#!/bin/bash
su -l wizard -c "/usr/bin/bleachbit -c --preset"
/usr/bin/bleachbit -c --preset
if mountpoint -q /media/internal
then
rsync -aEquX /root /media/internal/laptop/archive --delete
rsync -aEquX /etc /media/internal/laptop/archive --delete
su -l wizard -c "rsync -aEquX --exclude-from=/home/wizard/.config/rsync/exclude /home/wizard /media/internal/laptop/home --delete"
su -l wizard -c "rsync -aEquX 192.168.1.102:/media/external/Videos /media/internal --delete"
su -l wizard -c "rsync -aEquX 192.168.1.102:/media/external/Music /media/internal --delete"
su -l wizard -c "rsync -aEquX --exclude-from=/home/wizard/.config/rsync/exclude 192.168.1.102:/media/external/server /media/internal --delete"
chown -hR wizard:wizard /media/internal
/usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --exclude-from /root/.config/rclone/rclone-exclude --delete-during --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /media/internal/laptop remote:private/laptop
/usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --delete-during --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /home/wizard/Documents remote:private/documents
/usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --delete-during --copy-links --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /home/wizard/software remote:private/software
rclone cleanup remote:
fi
swapoff -a && swapon -a
exit 0
we see things not as they are, but as we are.
-- anais nin
Re: [Solved]How you Mix in bash script user and root comman
wizard10000 wrote:
The way I do it is run the script under the root account and su to an unprivileged user if needed. My backup scripts do this, here's one of them you can use for an example -
Hope this helps -
Code: Select all
#!/bin/bash
su -l wizard -c "/usr/bin/bleachbit -c --preset"
/usr/bin/bleachbit -c --preset
if mountpoint -q /media/internal
then
rsync -aEquX /root /media/internal/laptop/archive --delete
rsync -aEquX /etc /media/internal/laptop/archive --delete
su -l wizard -c "rsync -aEquX --exclude-from=/home/wizard/.config/rsync/exclude /home/wizard /media/internal/laptop/home --delete"
su -l wizard -c "rsync -aEquX 192.168.1.102:/media/external/Videos /media/internal --delete"
su -l wizard -c "rsync -aEquX 192.168.1.102:/media/external/Music /media/internal --delete"
su -l wizard -c "rsync -aEquX --exclude-from=/home/wizard/.config/rsync/exclude 192.168.1.102:/media/external/server /media/internal --delete"
chown -hR wizard:wizard /media/internal
/usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --exclude-from /root/.config/rclone/rclone-exclude --delete-during --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /media/internal/laptop remote:private/laptop
/usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --delete-during --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /home/wizard/Documents remote:private/documents
/usr/bin/rclone --config /root/.config/rclone/rclone.conf sync --delete-during --copy-links --drive-use-trash=false --transfers 4 --checkers 8 --contimeout 60s --timeout 300s --retries 3 --low-level-retries 10 --stats 1s /home/wizard/software remote:private/software
rclone cleanup remote:
fi
swapoff -a && swapon -a
exit 0

Thanks, I see
My idea was not having to mess with all my scripts too much. I like a lot my own idea of passing the root password through a secrets function (invoked with sudo through a sudoers launcher script), then running the script as a regular user, passing it the root password (PASSADMIN="rootpassword" su user -c Myscript.sh), then executing only once, at the beginning, "PASSADMIN | sudo -S" (get the password from the called function), and then immediately clearing the root password picked up from the environment (unset PASSADMIN), so no one can intercept the root password in the environment. All this keeps working in the same way as if you had typed the sudo password on the keyboard when you launch a script with "sudos" within it as a regular user. But I've read somewhere that this only works if the script flow doesn't have gaps between sudo calls longer than 5 minutes (I don't know if this is true). If that were the case, we could call "PASSADMIN | sudo -S" every time by using a sudo wrapper function like: sudo () { echo "$ENPGP" | /usr/bin/sudo -S "$@" ; } , which seems to have no problems at all, and saves you from modifying all the sudos in the script.
Right now, I'm implementing your way, but using "sudo -u" instead of "su -c", and putting it only in writing operations (where permissions can be changed); I'm using an alias function called "suser" for (sudo user -c), to get cleaner code, like this:
btrfshomeupd.sh
Code: Select all
#!/bin/bash
#
if [ -n "$SUDO_USER" ]; then
real_user=$SUDO_USER
else
real_user=$USER
fi
#function suser { sudo -u "$alias_suser" | suser; }
suser () { sudo -u "$real_user" "$@" ; }
pathsnap=/media/cache/.snapflag
suser touch /media/cache/.snapflag
suser snapper -c home delete $(cat "$pathsnap")
A=$(suser snapper -c home create -p -d HomeActu)
echo "HomeActualiza con Numero: $A"
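# a plain "> file" is opened by the calling (root) shell, so write through tee as the user
echo "$A" | suser tee "$pathsnap" > /dev/null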
Thanks for help, thanks Wizard