Read all files on a given system? (sudo wrapper/sudo shell)

King, Daniel Daniel.King at fiserv.com
Thu May 16 15:38:21 EDT 2002


Hi, folks –
 
I’ve been using sudo for some time with great success.  However, I’ve now got something sudo can’t do.  It’s even addressed in the sudo man page:
 
-----
To make a usage listing of the directories in the /home partition.
Note that this runs the commands in a sub-shell to make the cd and
file redirection work.
 
% sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
-----
 
I’ve been hacking on osh, but I was wondering if there is a way to give read (but not write) access to an entire system, for a single account.  In the process I’ve written a wrapper shell to handle the issue.  What are the issues that might come up with the script below?  Improvements (docs, yes … others, maybe)?  Would it be easily done to apply this ksh logic to build in an internal ‘shell’ for sudo?  osh looked so promising, even if it wasn’t up to the same standard as sudo.  It would bring me great satisfaction to do something like:
 
$sudo -s
sudo>cd /etc
sudo>rvi shadow
sudo>exit
 
And, if I could get tab completion, I would simply be in heaven.
 
Thoughts?  Should I take this to the developer list?  My C-language programming is really rusty.
 
A. Daniel King, System Analyst
Fiserv - Atlanta Center
1475 Peachtree Street, NE - Suite 700
Atlanta, GA 30309
404-873-2851 x2034
 
----- Script begins:
 
#!/usr/bin/ksh
 
# dsh by A. Daniel King; A sudo wrapper or  sudo shell
 
for x in HUP INT QUIT KILL TERM STOP TSTP CONT
do
        trap 'echo You cannot escape.' SIG$x
done
 
workingdir=`/usr/bin/pwd`
 
# Here is where the cd code is:
function execute {
 
        [ "$1" = "" ] && return
 
        if [ "$1" = "cd" ]
        then
                # Add code for cd here:
                export workingdir=`/usr/local/bin/sudo /usr/bin/sh -c " cd $workingdir ; $* ; /usr/bin/pwd"`
        else
                # Run actual commands here:
                /usr/local/bin/sudo /usr/bin/sh -c "cd $workingdir ; $*"
        fi
 
}
 
x=""
while [[ "$x" != "exit" ]]
do
        printf "%s>" "$workingdir"
        read x
 
        # Read the command into an array:
        counter=0
        max=0
        for item in $x
        do
                array[$counter]=$item
                (( counter = counter + 1 ))
                max=$counter
        done
 
        # Parse the output for individual commands ...
        counter=0
        while (( counter <= max ))
        do
                # If we have a full command, then run it; if not continue adding to the command:
                if [[ ( "${array[$counter]}" = ";" ) || ( $counter = $max ) ]]
                then
                        # Do not append the ";" itself: in the cd branch it would
                        # yield "; ;" before /usr/bin/pwd, which is a syntax error in sh.
                        array[$counter]=""
                        execute $command
                        command=""
                else
                        command=$command" "${array[$counter]}
                        array[$counter]=""
                fi
                (( counter = counter + 1 ))
        done
 
done
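
[Added example, not part of the original post.] The script above hands the typed line to "sudo sh -c", so it runs as root with full shell syntax rather than read-only. One way to vet a line first and run it without a shell, assuming a hypothetical allowlist (ALLOWED), command directory (BINDIR) and function names:

```shell
#!/bin/sh
# Added example, not from the original post. ALLOWED, BINDIR and the
# function names are assumptions; SUDO is the path the script above uses.
LC_ALL=C; export LC_ALL
SUDO=/usr/local/bin/sudo
BINDIR=/usr/bin                    # assumed location of the commands
ALLOWED="ls cat du head tail wc"   # hypothetical read-only allowlist

# vet_line LINE: status 0 and the argv (one word per line) when LINE is
# one allowlisted command built from plain characters; status 1 otherwise.
vet_line() {
    set -f                # no globbing while the line is split
    set -- $1             # whitespace split only; nothing is evaluated
    set +f
    [ $# -gt 0 ] || { echo "rejected: empty line" >&2; return 1; }
    for word in "$@"; do
        case $word in
            *[!A-Za-z0-9_./-]*)   # any shell metacharacter or quote
                echo "rejected: unsafe character in '$word'" >&2
                return 1 ;;
        esac
    done
    case " $ALLOWED " in
        *" $1 "*) ;;
        *) echo "rejected: '$1' is not on the allowlist" >&2; return 1 ;;
    esac
    cmd=$1; shift
    printf '%s\n' "$SUDO" "$BINDIR/$cmd" "$@"
}

# run_line LINE: run the vetted argv directly, never through "sh -c".
run_line() {
    argv=$(vet_line "$1") || return 1
    set -f; set -- $argv; set +f   # words contain no whitespace by now
    "$@"
}

# Constructed sample input (vetting only, sudo is not invoked here):
for l in "du -s /home" "cat /etc/shadow > /tmp/x" "rm -rf /var"; do
    if vet_line "$l" >/dev/null 2>&1; then echo "accept: $l"; else echo "reject: $l"; fi
done
```

Globs such as the "du -s *" from the man page excerpt are rejected as written, so a wrapper built this way would have to expand them itself before vetting. The same command list belongs in sudoers as well, so that the wrapper is not the only control.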
 


