
Thread: Make executable bash script run with sudo privileges?

  1. #11
    Join Date
    Jan 2006
    Location
    Sunny Southend-on-Sea
    Beans
    7,203
    Distro
    Kubuntu 18.04 Bionic Beaver

    Re: Make executable bash script run with sudo privileges?

    Quote Originally Posted by bingbong6
    The problem is I have to use dconf to modify executable files to ask, so I can click run in terminal where it automatically asks for password. Otherwise, just executing the file does nothing, bc it's waiting for a password input.
    Again, orthogonal to the answers you've had about the permissions side of things, both of these are simple to solve. If you have a launcher that runs your script, which is sensible, running it in a terminal is a simple flag (Terminal=true), but even better would be to use PolicyKit (the replacement for both gksudo and kdesu) instead of sudo by running pkexec <command that you want to run>. That pops up the same password dialogue that you get when, for example, updating software.
    None but ourselves can free our minds

  2. #12
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    @CatKiller Thanks for the clarifications and explanations! Couple questions:

    1. regarding TheFu's suggestion to place the script in:
    Code:
    /root/bin
    wouldn't I put it in
    Code:
     /root/sbin
    since from my research, sbin is meant for binaries that have root only privileges?

    2. The suggestion of placing the full file path of those commands, in my script; how would I designate which grub entry to boot to? I have edited it to:

    Code:
    #!/bin/bash
    /usr/sbin/grub-reboot
    /sbin/reboot
    but I need to set it to choose grub option 2 (windows boot entry).

    Thanks for explaining the necessity and logic of placing this type of file in the /root/bin (should be /root/sbin ?) that makes complete sense.

  3. #13
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Make executable bash script run with sudo privileges?

    Somewhere under /root/ is what is important. There's nothing special in a HOME directory, so most userids don't have bin/ and sbin/ subdirs. Either will pre-exist, so you'll need to mkdir anyways. If you look at /root permissions, you'll see why it just doesn't matter, assuming a basic understanding of permissions exists.

    If you want to talk about /usr/local/bin vs /usr/local/sbin, then you have nailed it. I would definitely place an admin tool that I built by hand, not through a package, in /usr/local/sbin/ if I intended for all admins on the box to have access. When it comes to scripts that can harm a system, then I want it to be harder to run, hence the /root/bin/ recommendation. Nobody can run it without sudo AND they will need to know the exact filename + path to access it.

    Seems you may have missed some prior knowledge that an admin would need to know. http://linuxcommand.org/tlcl.php

  4. #14
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    EDIT: I was able to create a symlink to the file and move it to my desktop and execute it by double clicking it. It immediately reboots, but again, not sure how to designate the grub-reboot full path command, to select entry 2....

    ORIGINAL POST FOLLOWS:

    @TheFu thanks for explaining the different use cases of /root/bin/ vs /usr/local/bin and /usr/local/sbin

    Yeah I'm still learning and I've been working through linuxjourney.com but I will also check out that book (linuxcommand.org) as well, thanks.

    I'm working through this and almost have it, but I'm just stuck on how to designate the grub-reboot command to choose entry 2, when executing it as its full file path. I'll explain below:


    I went ahead and made the changes to the sudoers file via sudo visudo as follows:


    Code:
    #includedir /etc/sudoers.d
    myusername     mymachinename = NOPASSWD: /usr/sbin/grub-reboot, /sbin/reboot

    those command locations were determined by running:


    Code:
    which grub-reboot
    which reboot

    THEN I left my script file on my desktop (for testing purposes), and left it to read:


    Code:
    #!/bin/bash
    grub-reboot 2
    reboot now

    and choose to RUN it at the prompt, and it works! It reboots and selects entry 2 (windows).


    BUT, I'd still like to do this the right way with the proper security you've mentioned:


    I tried changing the commands to:


    Code:
    #!/bin/bash
    /usr/sbin/grub-reboot
    /sbin/reboot

    Wasn't sure how to tell it to choose entry 2 with the grub-reboot command. Read some manpages about grub-reboot and it mentioned using greater than symbol (>) after the command with no spaces, followed by the grub entry. This did not work, it still chose the default entry 0. Perhaps I was doing it wrong. I tried

    Code:
    /usr/sbin/grub-reboot>2
    and

    Code:
    /usr/sbin/grub-reboot >2


    and

    Code:
    /usr/sbin/grub-reboot> 2



    No luck.



    But I still then moved it to:


    Code:
    /root/bin/

    and set the file to have permission 700 with:


    Code:
    chmod 700 bin

    Then I wasn't sure what to do or how to run it from there. I want to double click a file or shortcut on my desktop, but I'm not sure how to link that file to my desktop. Perhaps with symlinks as outlined here; can't use hardlinks because my /home directory is on its own partition separate from /

    so my outstanding questions now are:

    1) How to point the full path to the grub-reboot command to use grub entry 2, and

    2) how to execute the executable from an icon/file on my desktop (with symlinks? about to try that)
    Last edited by bingbong6; 3 Days Ago at 03:10 AM. Reason: solved second question listed at bottom

  5. #15
    Join Date
    Jan 2006
    Location
    Sunny Southend-on-Sea
    Beans
    7,203
    Distro
    Kubuntu 18.04 Bionic Beaver

    Re: Make executable bash script run with sudo privileges?

    Quote Originally Posted by bingbong6
    Wasn't sure how to tell it to choose entry 2 with the grub-reboot command.

    You already know how to do that:

    Quote:
    Code:
    #!/bin/bash
    grub-reboot 2
    reboot now

    and choose to RUN it at the prompt, and it works! It reboots and selects entry 2 (windows).

    When specifying the full path to grub-reboot rather than having the shell expand it for you, the syntax doesn't change. You've apparently already established that the simple 2 is what works for you.

    Quote:
    I was able to create a symlink to the file and move it to my desktop and execute it by double clicking it.

    Eesh, that's horrible. What if you wanted to run it from your panel, or a dock, or a menu? What if you wanted it to look different? Or to have a descriptive name?

    A .desktop file is what you're after rather than a symlink to the file, as I said upthread. You can just drag and drop one of the entries from your menu into a text editor to see the structure, and there are plenty of guides about, as well as the specification of the format.

  6. #16
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    @CatKiller

    I thought you guys said to change it to the full path so it couldn't be changed and exploited? Or did you mean changing it so that I didn't need sudo so that someone couldn't just swap out the command following sudo?

    Well, I somehow broke that symlink and now I can't recreate it. Says it's owned by root and has a big red x on the icon. When I double click it now, it says it's a broken symlink and tells me to delete it. Weird.

    Not sure what entries nor what menu you're referring to, but I did find several guides. I will try that instead.

  7. #17
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    Yeah so I'm done with this. I just accidentally deleted my bin folder. I thought I was in /root/ but it was /. Only difference on command line was ~ VS /.

    So in the future, if I try this again, I will NOT make another bin folder within my root folder.

    I do have a full system backup. But I was hoping that I could just restore the root partition. I have timeshift setup to backup rsync snapshots of / partition and /home partition.

    I know we're off topic but I have your attention and would appreciate a suggestion. I can't login so I'm booting from a live disk and seeing if I can either copy the bin folder over from my backup, or do it through timeshift on the live disk

  8. #18
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Make executable bash script run with sudo privileges?

    Sorta disconnected stuff follows ....

    Code:
    myusername     mymachinename = NOPASSWD: /usr/sbin/grub-reboot, /sbin/reboot
    shouldn't work. Is your username really "myusername" and the hostname really "mymachinename"?

    You are trying to do something that normally wouldn't come up until the 2nd year being an admin. Please recognize that skipping over the year as a normal user, becoming a power user, then a full year as a working admin would teach the basic skills which seem to be missing. Avoiding issues is always better than having to fix it later.

    I wouldn't have put grub-reboot or reboot into the sudoers file when I only wanted this 1, single, shell script to be used. Would have put the full-path to the script in /root/bin/whatever-you-call-it there. OTOH, there are 50-500 different solutions.
    Code:
    #!/bin/bash
    /usr/sbin/grub-reboot 2
    /sbin/reboot now
    Though I thought reboot was deprecated and I'd probably use /sbin/shutdown -r now instead. Looking on one of my servers,
    Code:
    $ ll /sbin/shutdown /sbin/reboot 
    lrwxrwxrwx 1 root root 14 Nov 26 17:34 /sbin/reboot -> /bin/systemctl*
    lrwxrwxrwx 1 root root 14 Nov 26 17:34 /sbin/shutdown -> /bin/systemctl*
    so both are deprecated and we should be using systemctl with specific options, it seems. That would complicate your sudoers file, but not mine. Allowing systemctl to be run with any available options could be really bad. Terrible. Lots of power in that command to which I wouldn't want just any casual admin to have access.
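
An added example, not part of the thread and not any poster's code: the approach described in post #18 (one sudoers rule for the script itself rather than for grub-reboot and reboot), plus the ownership check that such a rule depends on, since a NOPASSWD target that a non-root user can rewrite hands that user root. The function names, the user alice and the path /root/bin/reboot-to-windows are hypothetical; GNU stat is assumed, and only the file and its containing directory are checked, not the whole path.

```shell
#!/bin/bash
# Added example (not from the thread). Hypothetical names: check_target,
# sudoers_line, user "alice", /root/bin/reboot-to-windows.

# check_target FILE [OWNER_UID]
# Succeeds only if FILE is an absolute path to a regular file that is owned by
# OWNER_UID (default 0 = root) and not writable by group or others, and the
# directory holding it meets the same owner and mode conditions.
# The body is a subshell "( ... )" so its variables stay private.
check_target() (
    file=$1
    want_uid=${2:-0}
    case $file in
        /*) ;;
        *) echo "not an absolute path: $file" >&2; return 1 ;;
    esac
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 1; }
    for p in "$file" "$(dirname "$file")"; do
        uid=$(stat -c %u "$p") || return 1
        mode=$(stat -c %a "$p") || return 1
        if [ "$uid" != "$want_uid" ]; then
            echo "$p: owned by uid $uid, expected $want_uid" >&2; return 1
        fi
        # 022 = write bits for group and others (mode is read as octal)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$p: mode $mode is writable by group or others" >&2; return 1
        fi
    done
    return 0
)

# sudoers_line USER FILE [HOST]
# Prints a rule that lets USER run exactly FILE as root without a password.
sudoers_line() {
    printf '%s %s=(root) NOPASSWD: %s\n' "$1" "${3:-ALL}" "$2"
}

# Typical use, as root (constructed values):
#   check_target /root/bin/reboot-to-windows &&
#   sudoers_line alice /root/bin/reboot-to-windows > /etc/sudoers.d/reboot-to-windows &&
#   visudo -cf /etc/sudoers.d/reboot-to-windows
```

A symlink is rejected by this check because its own mode is reported, so point the rule at the real file.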

  9. #19
    Join Date
    Jan 2020
    Beans
    20

    Re: Make executable bash script run with sudo privileges?

    Yeah I'm giving up on this and just manually typing it in the terminal with sudo and password. Just thought this would be a learning opportunity. I do appreciate your help thus far. I'm definitely getting in over my head. Better to save this sort of experimenting for on my rpi that I can just swap out the sd card for tinkering and learning.


    I did learn some stuff though. Like not to make a /root/bin directory or rather, not to make it and then try to delete it since it's very easy to misread where you are currently at in the terminal... Please take a look at my other comment just before yours.......

  10. #20
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Make executable bash script run with sudo privileges?

    Quote Originally Posted by bingbong6
    I know we're off topic but I have your attention and would appreciate a suggestion. I can't login so I'm booting from a live disk and seeing if I can either copy the bin folder over from my backup, or do it through timeshift on the live disk

    50% of a backup is the data. The other 50% is the owner, group, permissions, any ACLs. If you don't have 100% in your backup data and know how to restore it all, then
    a) you need better backups
    b) you need to learn to restore so all that is retained

    I don't use timeshift and have never looked at it. Sorry. Can't help.

    I use rdiff-backup and have 90-180 days of versioned backups for all my systems. About once a year, I'll do something stupid and need to restore a file, directory or maybe entire system. Every few years, a HDD will fail, so I get to restore 1 or 15 systems. Just depends on how many virtual machines are on the disk.
    When I was a really new admin, I wrote a tiny script to clean up some cache files. Unfortunately, it found / (the file system root) and did a recursive delete of the entire OS. Fortunately, I had a cdrom in /cdrom and all the failures to delete jumped out at me. Also, I'd just made a ufsdump the night before, so I had a clean backup. But I didn't have a clue how to restore it and didn't have a working system that could boot. It wasn't Linux, it was Solaris on a $50K workstation. A $25 book had all I needed to know. About 2 hrs later, the system was restored and everyone using that system in the company was none-the-wiser.

    My point is that you aren't the first and won't be the last to make a mistake and need to fix it. We all have those scars. Having excellent backups does let me take more chances than I would have without them.
