Using sudo in scripts

Gary Call gcall at starcalif.com
Wed Aug 7 18:34:25 EDT 2002 

Ding..ding...ding!  The light in my head finally turned on.  It is very
clear now, after all of your explanations...

Thank you all for your help!

Gary
 

On Wed, 2002-08-07 at 14:18, Brent Fortman wrote:
> The way you are running it, it appears to be working correctly.  Restated,
> "sudo test.mnu" will execute the entire script as root.  This means, clear,
> echo, ls, ps, mount, and everything in that script file will run as root and
> therefore does not need to be defined in the sudoers file.  The only sudoers
> definition you need is:
> gcall   ALL=/home/gcall/test.mnu
> If you were to attempt to run each command separately, from the command line
> (as root), you would then have to define each command in the sudoers file.
> 
> If you want to allow and deny certain users privilege to run say
> "/bin/mount" from the menu system.  Let the users execute test.mnu from
> their own userid (not using sudo) and then use sudo on each command inside
> the script (as you mentioned doing earlier).
>  
> Brent
> 
> -----Original Message-----
> From: Gary Call [mailto:gcall at starcalif.com] 
> Sent: Wednesday, August 07, 2002 3:38 PM
> To: Brent Fortman
> Cc: 'sudo-users at sudo.ws'
> Subject: RE: Using sudo in scripts
> 
> 
> Okay, maybe I'm an idiot and not doing something correctly, because it
> doesn't seem to work for me :)
> 
> Here is a sample menu script (just for testing)...
> #!/bin/sh
> clear
> 
> echo "---------- TEST Menu ----------"
> echo
> echo
> echo "1. Run \"ls\""
> echo "2. Run \"ps\""
> echo "3. Run \"mount\""
> echo
> echo "Choice: " ; read choice
> echo
> 
> case $choice in
>    1)   ls;;
>    2)   /bin/ps;;
>    3)   /bin/mount;;
> esac
> 
> Here is a sample of my sudoers file:
> gcall   ALL=/home/gcall/test.mnu,/bin/mount
> 
> I execute sudo /home/gcall/test.mnu as user "gcall".  Once in this menu,
> all 3 commands will run without going through sudo.  I *thought* that I
> would be denied ls and ps, but permitted to run mount.
> 
> If I prefix all of the commands with sudo in the script, it then works. 
> Am I doing something wrong, or am I assuming incorrectly that all
> commands in this script would be prefixed with sudo automatically?
> 
> I was hoping to wrap EVERYTHING in the script to use sudo, if I invoked
> the script using sudo ---- make sense??
> 
> Thanks for all your input!
> Gary
> 
> 
> 
> 
> On Wed, 2002-08-07 at 11:01, Brent Fortman wrote:
> > No, you do not have to pre-fix every command with sudo.  Sudo <myscript>
> > will execute all commands in <myscript> as root.
> > 
> > Brent
> > 
> > -----Original Message-----
> > From: Gary Call [mailto:gcall at starcalif.com] 
> > Sent: Wednesday, August 07, 2002 11:38 AM
> > To: sudo-users at sudo.ws
> > Subject: Using sudo in scripts
> > 
> > 
> > This may sound like a basic question, but I have not been able to find
> > an answer anywhere.
> > 
> > Here is my scenario:
> > I need to give "userA" sudo access to a menu driven script.  The menu
> > driven script will execute other system commands (i.e. cpio, tar, mt).
> > 
> > Question:
> > If the user executes the script (using sudo), will all of the other
> > commands (cpio, tar, mt....) be executed with sudo prefixed, or will I
> > need to prefix every command with sudo into the script?
> > 
> > Any help or guidance is greatly appreciated!
> > 
> > Thanks,
> > Gary
> > 
> > ____________________________________________________________ 
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
>

More information about the sudo-users mailing list