Page 1 of 4 123 ... LastLast
Results 1 to 10 of 32

Thread: Make executable bash script run with sudo privileges?

  1. #1
    Join Date
    Jan 2020
    Beans
    20

    Make executable bash script run with sudo privileges?

    EDIT:

    1) First off, yes, I'm aware that this is a bad security practice and I should not make a habit out of doing this, and I realize I should try to limit the scope of these privileges as much as possible.

    2) I've also read the sudoers manpages and visudo manpages, as mentioned in the askubuntu post.

    3) If any of you are askubuntu users, I've placed a bounty (my first) on my question there. So feel free to comment there if you have a suggestion to answer my question.



    (Original post below)
    __________________________________________

    Ubuntu 18.04 Gnome de.

    I made a simple bash script file that flags my next reboot to choose the windows grub entry. For quick rebooting into windows straight from Linux DE. Here it is:


    Code:
    #!/bin/bash
    sudo grub-reboot 2
    sudo reboot now

    The problem is I have to use dconf to modify executable files to ask, so I can click run in terminal where it automatically asks for password. Otherwise, just executing the file does nothing, bc it's waiting for a password input.

    Is there a way to run a bash script file like this with inherent sudo privileges so it doesn't need to ask for a password? I want to be able to double click the executable on my desktop or a shortcut to it, and have it execute without need for a password or prompt for password.

    bash script file is named restart2windows and is located on my desktop:

    Code:
    /home/myusername/Desktop/restart2windows
    So would I just need to add this following lime to the /etc/sudoers file via sudo visudo?:

    Code:
    myusername     mymachinename = NOPASSWD: /home/myusername/Desktop/restart2windows
    Last edited by bingbong6; 4 Days Ago at 12:58 PM.

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    14,687
    Distro
    Kubuntu Development Release

    Re: Make executable bash script run with sudo privileges?

    You can remove the "sudo" from the commands, then run the whole script with sudo from the command prompt. You'll still need a password though. I haven't played around with sudoers enough to know how to avoid a password entirely.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  3. #3
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    yeah I know I can do that, but my intent is to just double click that executable and have it reboot to windows. I know I'm being picky, but it would be useful to learn anyway.

  4. #4
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Make executable bash script run with sudo privileges?

    There's a NOPASSWD option.
    When modifying the sudoers with nopasswd, be certain you
    * don't lock yourself out
    * only impact the exact command you want to impact
    * restrict the options to only those which are actually desired, not every possible option
    * only impact a single userid, not all of them

    In general, setting up nopasswd with a script that isn't owned and protected by root is considered poor security. The script needs to be in /root/bin/ , IMHO.

    As to how to make it work with a mouse, I wouldn't know.
    The sudoers manpage is a work of art, IMHO.
    Code:
    ...
         PASSWD and NOPASSWD
    
           By default, sudo requires that a user authenticate him or herself
           before running a command.  This behavior can be modified via the
           NOPASSWD tag.  Like a Runas_Spec, the NOPASSWD tag sets a default for
           the commands that follow it in the Cmnd_Spec_List.  Conversely, the
           PASSWD tag can be used to reverse things.  For example:
    
           ray     rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm
    ....

  5. #5
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    @TheFu I guess I should have stated that I am indeed aware of the "bad" security practice of doing this. I'm also aware, that if I am going to do this, I should try to limit the scope to the bare minimum of what I need it to do. The guy from the askubuntu thread said the same thing. He also pointed me to the manpages of which I have since read. I will edit my post to reflect this.

    That said, I tried to follow the manpages but it still will not work as intended.

    But you don't know the answer to my question?

  6. #6
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Make executable bash script run with sudo privileges?

    Quote Originally Posted by bingbong6 View Post
    @TheFu I guess I should have stated that I am indeed aware of the "bad" security practice of doing this. I'm also aware, that if I am going to do this, I should try to limit the scope to the bare minimum of what I need it to do. The guy from the askubuntu thread said the same thing. He also pointed me to the manpages of which I have since read. I will edit my post to reflect this.

    That said, I tried to follow the manpages but it still will not work as intended.

    But you don't know the answer to my question?
    Was the script fixed by placing it into /root/bin/, chmod 700 the file, ensure the file is owned by root, remove the sudo commands from inside it and use full paths to the 2 commands?

    "not working as intended" isn't clear. What, exactly, does that mean? Please assume we cannot read minds. Also, showing the real, exact, line that you put into the sudoers would help - as would using code tags. The `` don't work here.

  7. #7
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    I want to double click the executable or Shortcut to it and have it execute with no further input. I thought I stated that in the original post but I guess I didn't.

    I will have to try that suggestion after work to tomorrow night. Thank you

    I'll edit the line of code I put into the sudoers file, with code tags. I assumed this place used markdown like the rest of the internet....

    Edit: from the askubuntu post :

    The path of grub-reboot command. Not the path to a script on your Desktop. To find the path of a command: which *name of command*, for example: which grub-reboot. Will return: /usr/sbin/grub-reboot. That is the PATH to apply in you sudoers file . The path to the command you intend to use in your script
    So with that suggestion, would you still advise moving the script file to the root/bin/ directory?
    Last edited by bingbong6; 4 Days Ago at 06:14 AM.

  8. #8
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Make executable bash script run with sudo privileges?

    I've made recommendations already. I think you should follow them, but only you can decide that.

    I don't use markdown anywhere. I'm a texttile user. Regardless, forums seldom support markdown, IME. They use something called "bb-code". Thanks for the code tags. That makes things clearer.

    /root/bin/
    is not the same as
    root/bin/

    Please ensure you understand the difference or this solution will be impossible to implement.

    Yes, you were clear that you wanted to point-n-click to accomplish this. Should I not attempt to help because I only know 2 of the 3 parts to the solution? Plus, I think the parts I know about are more difficult than that last part. All 3 parts are required.

  9. #9
    Join Date
    Jan 2006
    Location
    Sunny Southend-on-Sea
    Beans
    7,203
    Distro
    Kubuntu 18.04 Bionic Beaver

    Re: Make executable bash script run with sudo privileges?

    Quote Originally Posted by TheFu View Post
    Yes, you were clear that you wanted to point-n-click to accomplish this. Should I not attempt to help because I only know 2 of the 3 parts to the solution? Plus, I think the parts I know about are more difficult than that last part. All 3 parts are required.
    The last part is trivial once there's a command and permissions that work. Launchers to run a command when you click on them are just .desktop files - simple text files.
    None but ourselves can free our minds

  10. #10
    Join Date
    Jan 2006
    Location
    Sunny Southend-on-Sea
    Beans
    7,203
    Distro
    Kubuntu 18.04 Bionic Beaver

    Re: Make executable bash script run with sudo privileges?

    Quote Originally Posted by bingbong6 View Post
    So with that suggestion, would you still advise moving the script file to the root/bin/ directory?
    For clarity, TheFu's (sensible) suggestion is orthogonal to the actual function.

    /root is the root user's Home directory, and will be on the same partition as / even if /home is on a different partition, which is useful should things go pear-shaped at any point. This is standard practice going back decades.

    The various bin directories are where programs to be executed ("binaries") live. Again, going back decades.

    In general, but especially when dealing with security, it is very important to keep things organised, so that you don't forget something critical. This script that you want to run is something that you want to run as root, so putting it in root's bin directory is a sensible way to remember what it's for, and to restrict write access to it. You wouldn't want untrusted users, or malicious external parties, to be able to fiddle with it.

    For the function of your script, it would be the commands inside it that you would need to be able to run as root with no password. You should also specify within that script the full paths to the commands that you want to run, as TheFu says, so that no one can substitute a different file with the same name instead.
    Last edited by CatKiller; 4 Days Ago at 08:05 PM.

Page 1 of 4 123 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •