Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Bash sudo and zenity --password

  1. #1
    Join Date
    Aug 2008
    Location
    Sweden
    Beans
    305
    Distro
    Ubuntu 14.04 Trusty Tahr

    Bash sudo and zenity --password

    Writing an installation-script for Minecraft, been trying to get the user to input password, check password and on wrong password as if the user would like to try again or abort. Finally came up with what seems a working solution (for adding a entry to the application-menu), but now I wonder if this unsafe in any way? Is there a better solution?


    Code:
      while ! zenity --password| sudo -S cat /dev/null >/dev/null; do
        if $(zenity --question --text="Wrong password, would you like to cancel the installation?"); then
          echo "no app-entry made, returning"
          return;
        fi
      done
        echo "$appEntry" | sudo -S tee ${launcher}
        sudo -K # remove privilege
    where appEntry is the text, launcher is the file.

    I might add that I would like to use zenity, not gksu or similar.

    Thanks
    Last edited by DarkAmbient; September 4th, 2012 at 02:09 PM.
    This is my signature

  2. #2

    Re: Bash sudo and zenity --password

    What logically happens when the user-run install script gets to:
    Code:
    sudo -S cat /dev/null >/dev/null; do
    ?
    shellshock.conf for fail2ban - Tested on fail2ban 0.8.10

  3. #3
    Join Date
    Aug 2008
    Location
    Sweden
    Beans
    305
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Bash sudo and zenity --password

    Ok, the way I've understood things.. correct me if I'm wrong, I'm still kinda new to bash.

    The -S parameter with sudo tells sudo to read password from the stdin. And cat /dev/null > /dev/null really doesent do anything other than acting as a dummy to use with sudo, or atleast thats my guess. Found it like that one some site

    I guess using
    Code:
    while ! zenity --password | sudo -S echo ''; do
    (or something similar) does just about the same, or is there any difference?
    This is my signature

  4. #4
    Join Date
    Feb 2007
    Location
    Romania
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Bash sudo and zenity --password

    Use gksu or pkexec. It is NOT your job (as the writer of the script) to decide how many times the user is allowed to re-type the password.

  5. #5
    Join Date
    Aug 2008
    Location
    Sweden
    Beans
    305
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Bash sudo and zenity --password

    Quote Originally Posted by sisco311 View Post
    Use gksu or pkexec. It is NOT your job (as the writer of the script) to decide how many times the user is allowed to re-type the password.
    Point taken, I'll use gksu instead. gksu comes with Ubuntu as default right?
    This is my signature

  6. #6

    Re: Bash sudo and zenity --password

    Quote Originally Posted by DarkAmbient View Post
    ...correct me if I'm wrong, I'm still kinda new to bash.
    No, but I'll give you props for reading the man file.

    Quote Originally Posted by DarkAmbient View Post
    The -S parameter with sudo tells sudo to read password from the stdin...
    You missed it...the script assumes the user has sudo privs...
    Did you intend that?

    unless Wed Sep 05, 2012 - 6:40:03 AM EDT is too early to be reading forum posts?

    I'd have to defer to whatever sisco311 says, he's a master.

    Subscribed with interest,
    shellshock.conf for fail2ban - Tested on fail2ban 0.8.10

  7. #7
    Join Date
    Aug 2008
    Location
    Sweden
    Beans
    305
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Bash sudo and zenity --password

    haha thank you

    Hm, I'm not following, what I've read about /dev/null is that it's a "special-file" that empties output thrown at it.

    Knowing that, I really didn't think that anything special would happen with "cat /dev/null > /dev/null", do you mean we assume the user has sudo-privileges because of that part, or because of the "sudo -S"?

    Soo slow after a 9h-workday, sorry... ><
    This is my signature

  8. #8

    Re: Bash sudo and zenity --password

    Well. I am going to back away from the keyboard on this one and let you resume your quest uninterrupted by me.

    Have a Great Day!
    shellshock.conf for fail2ban - Tested on fail2ban 0.8.10

  9. #9
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,265
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Bash sudo and zenity --password

    I'll weigh in on this, because I've spotted a couple of things.

    • Rather than use cat >/dev/null as your null process, use something much simpler. The null command, which is just a colon (":"), is ideal, but it doesn't work for sudo (it doesn't like built-in commands), so then I use [ 1 ].


    • I agree with sisco311; use gksudo, as it is designed for that purpose. (BTW, I would suggest gksudo rather than gksu.) You can, of course, use zenity instead of gksudo, but I think it's safer to use gksudo because of its design.


    Here is how I prompt for the user's password. Adapt it to suit your purposes.

    Code:
    # Prompt for the password. Replace "the process" with a meaningful message.
    SUDOPASSWORD="$( gksudo --print-pass --message 'Provide permission for the process. Type your password, or press Cancel.' -- : 2>/dev/null )"
    
     # Check for null entry or cancellation.
    if [[ ${?} != 0 || -z ${SUDOPASSWORD} ]]
    then
        # Add a zenity message here if you want.
        exit 4
    fi
    
     # Check that the password is valid.
    if ! sudo -kSp '' [ 1 ] <<<"${SUDOPASSWORD}" 2>/dev/null
    then
        # Add a zenity message here if you want.
        exit 4
    fi
    Now you can just use the password in your sudo command. You'll notice that I used a Here String instead of a pipe:
    Code:
    sudo -Sp '' -- tee "${launcher}" <<<"${SUDOPASSWORD}"
    I have to say that I'm not sure what will happen with tee, as the input (stdin) will be the sudo password. What were you trying to do with tee?
    Problems with WINE?
    Full Circle Magazine :: Confused "allot"? :: Cheap Linux stickers
    In my day, we had outdoors in which to run, play, and socialise. Now we have computers to do those.

  10. #10
    Join Date
    May 2008
    Location
    United Kingdom
    Beans
    4,265
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Bash sudo and zenity --password

    Of course, you could bypass all that complication by just using gksudo for the command itself:
    Code:
    gksudo --message 'Provide permission for the process. Type your password, or press Cancel.' -- tee "${launcher}"
    Problems with WINE?
    Full Circle Magazine :: Confused "allot"? :: Cheap Linux stickers
    In my day, we had outdoors in which to run, play, and socialise. Now we have computers to do those.

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •