Bash sudo and zenity --password
Writing an installation-script for Minecraft, been trying to get the user to input password, check password and on wrong password as if the user would like to try again or abort. Finally came up with what seems a working solution (for adding a entry to the application-menu), but now I wonder if this unsafe in any way? Is there a better solution?
Code:
while ! zenity --password| sudo -S cat /dev/null >/dev/null; do
if $(zenity --question --text="Wrong password, would you like to cancel the installation?"); then
echo "no app-entry made, returning"
return;
fi
done
echo "$appEntry" | sudo -S tee ${launcher}
sudo -K # remove privilege
where appEntry is the text, launcher is the file.
I might add that I would like to use zenity, not gksu or similar.
Thanks
Re: Bash sudo and zenity --password
What logically happens when the user-run install script gets to:
Code:
sudo -S cat /dev/null >/dev/null; do
?
Re: Bash sudo and zenity --password
Ok, the way I've understood things.. correct me if I'm wrong, I'm still kinda new to bash.
The -S parameter with sudo tells sudo to read password from the stdin. And cat /dev/null > /dev/null really doesent do anything other than acting as a dummy to use with sudo, or atleast thats my guess. Found it like that one some site :redface:
I guess using
Code:
while ! zenity --password | sudo -S echo ''; do
(or something similar) does just about the same, or is there any difference?
Re: Bash sudo and zenity --password
Use gksu or pkexec. It is NOT your job (as the writer of the script) to decide how many times the user is allowed to re-type the password.
Re: Bash sudo and zenity --password
Quote:
Originally Posted by
sisco311
Use gksu or pkexec. It is NOT your job (as the writer of the script) to decide how many times the user is allowed to re-type the password.
Point taken, I'll use gksu instead. gksu comes with Ubuntu as default right?
Re: Bash sudo and zenity --password
Quote:
Originally Posted by
DarkAmbient
...correct me if I'm wrong, I'm still kinda new to bash.
No, but I'll give you props for reading the man file. :)
Quote:
Originally Posted by
DarkAmbient
The -S parameter with sudo tells sudo to read password from the stdin...
You missed it...the script assumes the user has sudo privs...
Did you intend that?
unless Wed Sep 05, 2012 - 6:40:03 AM EDT is too early to be reading forum posts?
I'd have to defer to whatever sisco311 says, he's a master.
Subscribed with interest,
Re: Bash sudo and zenity --password
haha thank you :)
Hm, I'm not following, what I've read about /dev/null is that it's a "special-file" that empties output thrown at it.
Knowing that, I really didn't think that anything special would happen with "cat /dev/null > /dev/null", do you mean we assume the user has sudo-privileges because of that part, or because of the "sudo -S"?
Soo slow after a 9h-workday, sorry... ><
Re: Bash sudo and zenity --password
Well. I am going to back away from the keyboard on this one and let you resume your quest uninterrupted by me.
Have a Great Day!
Re: Bash sudo and zenity --password
I'll weigh in on this, because I've spotted a couple of things.
- Rather than use cat >/dev/null as your null process, use something much simpler. The null command, which is just a colon (":"), is ideal, but it doesn't work for sudo (it doesn't like built-in commands), so then I use [ 1 ].
- I agree with sisco311; use gksudo, as it is designed for that purpose. (BTW, I would suggest gksudo rather than gksu.) You can, of course, use zenity instead of gksudo, but I think it's safer to use gksudo because of its design.
Here is how I prompt for the user's password. Adapt it to suit your purposes.
Code:
# Prompt for the password. Replace "the process" with a meaningful message.
SUDOPASSWORD="$( gksudo --print-pass --message 'Provide permission for the process. Type your password, or press Cancel.' -- : 2>/dev/null )"
# Check for null entry or cancellation.
if [[ ${?} != 0 || -z ${SUDOPASSWORD} ]]
then
# Add a zenity message here if you want.
exit 4
fi
# Check that the password is valid.
if ! sudo -kSp '' [ 1 ] <<<"${SUDOPASSWORD}" 2>/dev/null
then
# Add a zenity message here if you want.
exit 4
fi
Now you can just use the password in your sudo command. You'll notice that I used a Here String instead of a pipe:
Code:
sudo -Sp '' -- tee "${launcher}" <<<"${SUDOPASSWORD}"
I have to say that I'm not sure what will happen with tee, as the input (stdin) will be the sudo password. What were you trying to do with tee?
Re: Bash sudo and zenity --password
Of course, you could bypass all that complication by just using gksudo for the command itself:
Code:
gksudo --message 'Provide permission for the process. Type your password, or press Cancel.' -- tee "${launcher}"
