Using sudo in scripts

Paul M. Lambert plambert at plambert.net
Wed Aug 7 17:16:42 EDT 2002 

I'm afraid this makes no sense at all.

When you run something under sudo that thing runs as root.

The script below is running as root.  Not the user that ran sudo.  Think
very hard about that.

This means that anything the script runs, also runs as root.

Sudo doesn't magically go into scripts and try to figure out your
intentions.  Sudo runs its argument as another user, usually root.

Log in as root.  Run the script below.  What do you expect to happen?

That's exactly what will happen if you use sudo to run the script as
root.  Period.  Stop thinking of what you're _trying_ to do, and start
thinking of what you're actually doing.  A good tutorial on how
UNIX works (something that covers "what is a shell?" and similar topics)
might really help.

Good luck!

--Paul M. Lambert

On Wed, 07 Aug 2002, Gary Call wrote:

> Okay, maybe I'm an idiot and not doing something correctly, because it
> doesn't seem to work for me :)
> 
> Here is a sample menu script (just for testing)...
> #!/bin/sh
> clear
> 
> echo "---------- TEST Menu ----------"
> echo
> echo
> echo "1. Run \"ls\""
> echo "2. Run \"ps\""
> echo "3. Run \"mount\""
> echo
> echo "Choice: " ; read choice
> echo
> 
> case $choice in
>    1)   ls;;
>    2)   /bin/ps;;
>    3)   /bin/mount;;
> esac
> 
> Here is a sample of my sudoers file:
> gcall   ALL=/home/gcall/test.mnu,/bin/mount
> 
> I execute sudo /home/gcall/test.mnu as user "gcall".  Once in this menu,
> all 3 commands will run without going through sudo.  I *thought* that I
> would be denied ls and ps, but permitted to run mount.
> 
> If I prefix all of the commands with sudo in the script, it then works. 
> Am I doing something wrong, or am I assuming incorrectly that all
> commands in this script would be prefixed with sudo automatically?
> 
> I was hoping to wrap EVERYTHING in the script to use sudo, if I invoked
> the script using sudo ---- make sense??
> 
> Thanks for all your input!
> Gary
> 
> 
> 
> 
> On Wed, 2002-08-07 at 11:01, Brent Fortman wrote:
> > No, you do not have to pre-fix every command with sudo.  Sudo <myscript>
> > will execute all commands in <myscript> as root.
> > 
> > Brent
> > 
> > -----Original Message-----
> > From: Gary Call [mailto:gcall at starcalif.com] 
> > Sent: Wednesday, August 07, 2002 11:38 AM
> > To: sudo-users at sudo.ws
> > Subject: Using sudo in scripts
> > 
> > 
> > This may sound like a basic question, but I have not been able to find
> > an answer anywhere.
> > 
> > Here is my scenario:
> > I need to give "userA" sudo access to a menu driven script.  The menu
> > driven script will execute other system commands (i.e. cpio, tar, mt).
> > 
> > Question:
> > If the user executes the script (using sudo), will all of the other
> > commands (cpio, tar, mt....) be executed with sudo prefixed, or will I
> > need to prefix every command with sudo into the script?
> > 
> > Any help or guidance is greatly appreciated!
> > 
> > Thanks,
> > Gary
> > 
> > ____________________________________________________________ 
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
> 
> 
> ____________________________________________________________ 
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users

More information about the sudo-users mailing list