
'su' continued...


All times are UTC - 6 hours


 PostPosted: Sun Oct 22, 2006 5:22 pm   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
I've been goofing around with 'su' in a script but I'm getting nowhere fast.
I'm trying to get the script to get the root password in order to continue on
in the script, but I'm getting errors. I just used a bash spinner script to try
this on.

If I give it the wrong password, it prints the error message and then exits.
If I enter the correct password, it changes the UID to 0 and then takes me
to root's bash prompt. At root's bash prompt, I then type 'exit' and then it
prints out the error message from the script. I don't want that...I want it to
continue on to perform the function.

Code:

#!/bin/bash

# Just for fun

printf 'Root '
su root
if [ "$UID" -ne '0' ]
then
echo "************** !! ERROR !! **************"
echo
echo "You must be 'root' to execute this script."
echo
echo "************** !! ERROR !! **************"
exit
elif [ "$UID" -eq '0' ]
then
function spin
{
echo -en "-\b"
echo -n "+"
sleep .02
echo -en "\\b"
echo -n "+"
sleep .02
echo -en "|\b"
echo -n "+"
sleep .02
echo -en "/\b"
echo -n "+"
sleep .02
echo -en "-\b"
echo -n "+"
sleep .02
echo -en "x\b"
sleep .02
echo -n "+"
}

for i in `seq 1 3`; do spin; done
echo
fi


I can do the following (which I have done, and it works):
Code:

#!/bin/bash

printf 'Root '
su root -c /home/bob/bin/spinner
if [ "$UID" -ne '0' ]
then
echo
echo "***************  !! ERROR !!  ****************"
echo
echo "  You must be 'root' to execute this script.  "
echo
echo "***************  !! ERROR !!  ****************"
echo
exit
fi

That gets the root password and then executes a separate script. I want it to be implemented in the same script
that I'm trying to run.
Any ideas??

Thanks!!


Top
 Profile  
 PostPosted: Mon Oct 23, 2006 1:57 pm   

Joined: Mon Jul 03, 2006 8:58 pm
Posts: 52
Location: Rochester, NY
You've pretty much hit the nail on the head. Either you use 'su' or 'sudo' to run a command (separate script) or you check for root user and bail out if it's not found, leaving the running as root up to the user to decide (su vs. sudo vs. login as root).

I've not actually gone into the guts of KDE and Gnome apps that request root password to continue, but I believe it's simply calling sudo or 'su -c' under the hood to run a single command.


Top
 Profile WWW  
 PostPosted: Mon Oct 23, 2006 6:33 pm   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
Are you saying that if I 'su -c' in a script that it has to point to another script and not the one that I'm in?

I'm not sure my original question was answered. Sorry if I didn't read it correctly.

This is what I'm attempting....(abbreviated version)

Code:

#!/bin/bash

# Getting user to provide correct root passwd to be able to execute the remainder of this script
# and not have the '-c' option point to a different script or program to execute.

su -c  "/.this script"
if [ "$UID" -eq '0' ]
then continue executing this script beyond the if/then statements
fi
if [ "$UID" != '0' ]
then
echo "Error message"
exit
fi

function something  {

guts of function

}

execute function

exit


Does what I tried to explain make any sense?


Top
 Profile  
 PostPosted: Tue Oct 24, 2006 12:10 am   
Site Admin

Joined: Sun May 15, 2005 9:36 pm
Posts: 669
Location: Des Moines, Iowa
su -c only works on "1" command at a time..... not entire scripts.... you are not able to call functions as root though unless you enclose the entire set of commands with single quotes..... "fooling" it sort of by enclosing multiple commands with single quotes..... Here is a quick script that displays what su -c will do.....

Code:
#!/bin/bash
# whoami.sh by Crouse
# Written simply as an example of su -c
# 10-24-2006

# logged in as normal user here
echo -e "I am logged in as user: \c"; whoami
echo "";
echo "Now I am going to go into a subshell and call root with su -c"
echo " "

# Using ( ) puts you in a subshell, calling su -c to get root permissions for ONE command; the ' ' encloses 2 commands so they look like one to the subshell.
(su -c 'echo -e "Now in subshell I am user: \c"; whoami'; echo -e "I am still in subshell, but after the ONE command I am now user: \c"; whoami)
echo " "

# Back out of the subshell -- showing we are normal user again still.
echo -e "Now I'm out of the subshell and in a normal shell and I am: \c"; whoami
echo " "
echo "Now I am going to call root again in the normal shell with su -c"
# In normal shell -- showing the su -c called again... root for the ONE command (actually 2 because of the ' ' enclosing single quotes).
su -c 'echo -e "Now in regular shell I am user: \c"; whoami';
echo " "
echo "The root command is done after one call with su -c --- so I am finally done now :) "
# Still in normal shell.... showing who I am again....... after the root call.....from su -c
echo -e " Finally.... I am myself again: \c" ; whoami


Quote:
[crouse@localhost Scripts]$ sh whoami.sh
I am logged in as user: crouse

Now I am going to go into a subshell and call root with su -c

Password:
Now in subshell I am user: root
I am still in subshell, but after the ONE command I am now user: crouse

Now I'm out of the subshell and in a normal shell and I am: crouse

Now I am going to call root again in the normal shell with su -c
Password:
Now in regular shell I am user: root

The root command is done after one call with su -c --- so I am finally done now :)
Finally.... I am myself again: crouse
[crouse@localhost Scripts]$


Last edited by crouse on Tue Oct 24, 2006 12:27 am, edited 1 time in total.

Top
 Profile WWW  
 PostPosted: Tue Oct 24, 2006 12:25 am   
Site Admin

Joined: Sun May 15, 2005 9:36 pm
Posts: 669
Location: Des Moines, Iowa
One more example....... I think this is REALLY what you wanted to do...... ;)

Code:
#!/bin/bash
# rootspintest.sh
# Another example of "fooling" su -c into thinking multiple commands are just ONE command.
# by Crouse 10-24-2006

echo -e "I am now: \c"; whoami

su -c 'echo -e "I am now: \c"; whoami;

function spin
{
echo -en "-\b"
echo -n "+"
sleep .02
echo -en "\\b"
echo -n "+"
sleep .02
echo -en "|\b"
echo -n "+"
sleep .02
echo -en "/\b"
echo -n "+"
sleep .02
echo -en "-\b"
echo -n "+"
sleep .02
echo -en "x\b"
sleep .02
echo -n "+"
}

for i in `seq 1 3`; do spin; done'

echo " "
echo -e "I am now: \c"; whoami
echo "Test complete"



Quote:
[crouse@localhost Scripts]$ sh rootspintest.sh
I am now: crouse
Password:
I am now: root
+++++++++++++++
I am now: crouse
Test complete
[crouse@localhost Scripts]$


Top
 Profile WWW  
 PostPosted: Tue Oct 24, 2006 10:36 pm   

Joined: Wed Sep 06, 2006 12:19 pm
Posts: 54
Location: Covington, WA
Freestone wrote:
I've been goofing around with 'su' in a script but I'm getting nowhere fast.
I'm trying to get the script to get the root password in order to continue on
in the script, but I'm getting errors. I just used a bash spinner script to try
this on.

If I give it the wrong password, it prints the error message and then exits.
If I enter the correct password, it changes the UID to 0 and then takes me
to root's bash prompt. At root's bash prompt, I then type 'exit' and then it
prints out the error message from the script. I don't want that...I want it to
continue on to perform the function.

Code:

#!/bin/bash

# Just for fun

printf 'Root '
su root
if [ "$UID" -ne '0' ]
  ...blah-blah...

That gets the root password and then executes a separate script. I want it to be implemented in the same script
that I'm trying to run.
Any ideas??

Thanks!!


Try this instead:
Code:
if [ "$UID" -ne '0' ];then
printf "Root "; su root -c "$0"
else
function spin
{
blah-blah
}

In other words, replace the error message with the 'su root -c' command.......This will have root rerun the same script as root, after which you will become the current user again when the script finishes...

:-)
---thegeekster


Top
 Profile  
 PostPosted: Wed Oct 25, 2006 4:33 am   

Joined: Mon Jul 03, 2006 8:58 pm
Posts: 52
Location: Rochester, NY
Very slick thegeekster! :)


Top
 Profile WWW  
 PostPosted: Wed Oct 25, 2006 10:47 am   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
thegeekster,

You wrote:

Quote:

Try this instead:
Code:
if [ "$UID" -ne '0' ];then
printf "Root "; su root -c "$0"
else
function spin
{
blah-blah
}

In other words, replace the error message with the 'su root -c' command.......This will have root rerun the same script as root, after which you will become the current user again when the script finishes...


Now, I'm going to reveal how much I don't know. I'm curious about the ' "$0" '. What is the actual purpose of
using ' 0 ' as a variable or string here? After 'su' the '-c' represents a command, so, what is the command "$0"?
I'm blind, help me!! :lol: :lol: :lol:


Top
 Profile  
 PostPosted: Wed Oct 25, 2006 11:03 am   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
Ahhhhhhhhhhh!

Got it!

I think.

Code:
printf "Root "; su -c "$0"


The purpose of the command "$0" sets the UID to zero and starts at the beginning of the script and then the if/then recognizes that
the UID actually = 0 and continues on in the script....am I close here?


Top
 Profile  
 PostPosted: Wed Oct 25, 2006 12:37 pm   

Joined: Wed Sep 06, 2006 12:19 pm
Posts: 54
Location: Covington, WA
Freestone wrote:
Ahhhhhhhhhhh!

Got it!

I think.

Code:
printf "Root "; su -c "$0"


The purpose of the command "$0" sets the UID to zero and starts at the beginning of the script and then the if/then recognizes that
the UID actually = 0 and continues on in the script....am I close here?


No. not quite :-) .......In bash, there are several parameters that are treated specially, called special parameters ($*, $@, $#, $?, $-, $$, $!, $0, $_ ) or positional parameters ($1 - $9). '$0' (this is a zero, not uppercase o) is a special parameter (and not a positional parameter) which takes the name of the shell or the script that invokes it. If you enter 'echo $0' on the command line, it will return '/bin/bash' (the name of the shell you're in). If you put the same command in a script, it will return the name of the script as it was called, either 'script' or '/path/to/script'..........From the bash manpage:
Code:
0
    Expands to the name of the shell or shell script. This is set at shell initialization. If bash is invoked with
    a file of commands, $0 is set to the name of that file.

Soooo......what you're doing with 'su root -c "$0"' is calling the very same script as root, since with the parameter expansion that takes place, the command becomes 'su root -c "scriptname"'........

HTH :-)
---thegeekster


Top
 Profile  
 PostPosted: Wed Oct 25, 2006 1:24 pm   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
Perfect!

Thanks, and, ah, a giant mug-o-beer to you!!


Top
 Profile  
 PostPosted: Wed Oct 25, 2006 3:30 pm   

Joined: Wed Sep 06, 2006 12:19 pm
Posts: 54
Location: Covington, WA
N/P........and thanx.................*glug-glug-glug*.........ahhhhhhhh :D


Top
 Profile  
 PostPosted: Thu Oct 26, 2006 12:07 am   
Site Admin

Joined: Sun May 15, 2005 9:36 pm
Posts: 669
Location: Des Moines, Iowa
thegeekster's way will run the ENTIRE script as UID0 .... just using su -c will allow you to run "part" of a script with root permissions...... very interesting ...... ;)


Top
 Profile WWW  
 PostPosted: Thu Oct 26, 2006 1:54 am   
Site Admin

Joined: Tue May 17, 2005 7:31 pm
Posts: 251
Location: Georgia
so... out of curiosity.. what would be the point in running su -c inside a script (and calling back to itself) as opposed to running the script like
Code:
su -c "<script name>"

i guess if you wanted to return to a normal user... i could see that... but i can't say i've run into that very frequently... guess i just haven't been around the block enough :D


Top
 Profile  
 PostPosted: Thu Oct 26, 2006 4:25 am   

Joined: Mon Jul 03, 2006 8:58 pm
Posts: 52
Location: Rochester, NY
I could see it being used as a way to run a script as root for users who are not intimately familiar with su -c or sudo or even su. If this script was given to a Linux newbie who at a minimum knows what the root password is, they could execute the script, be prompted for the root password (just like any GUI tool in KDE or Gnome) and then run the script as root if the password is correct or bomb out otherwise.

It also pretty much guarantees that this script cannot be run as non-root, but there are other ways to do that.

I guess I see the usefulness in being self-contained. It's "smart" enough to ask for the root password if you didn't already execute the script as root (through ignorance or simply forgetfulness). Could be dangerous too, but no worse than any other tool that prompts for the root password before running.


Top
 Profile WWW  
 PostPosted: Fri Oct 27, 2006 2:04 pm   

Joined: Wed Sep 06, 2006 12:19 pm
Posts: 54
Location: Covington, WA
Just to point out.......this whole exercise was to use the su -c command in a script, as a learning experience.....So, yes, the whole script is run as root.......

Usually, if I need to do something as root while a normal user, I do what jbsnake suggested and use it on the command line, and not in a script, and I have a function named 'rootcmd' in my user's startup profile to do this.......Tab completion makes it a bit easier for that purpose.... ;-)

But, this would be very useful if you're trying to come up with an automated build process, where you should do as much as you can as a regular user, and only drop into root mode when it comes time to do the actual install and create the package.....Some of the more 'hands-on' distros will do the whole build process as root, and I've been working on a build program suited for Slackware which will implement the approach I outlined....

But that's another story... :-) .........Here, the whole point was as a learning exercise of using it in a script...
Quote:
I've been goofing around with 'su' in a script but I'm getting nowhere fast.
I'm trying to get the script to get the root password in order to continue on
in the script, but I'm getting errors. I just used a bash spinner script to try
this on.


---thegeekster


Top
 Profile  
 PostPosted: Fri Oct 27, 2006 2:46 pm   

Joined: Wed Sep 06, 2006 12:19 pm
Posts: 54
Location: Covington, WA
For added safety, you could modify the script and add this:
Code:
if [ "$UID" -ne '0' ];then
printf "Root "; su root -c "$0"
else

echo -e "You are about to run this command with full root privileges:\n        ${0} ${@}\n"
read -p "Do you wish to continue? [yes/no] "
test "${REPLY}" != "yes"  &&  exit

function spin
{
blah-blah
}


:-)
---thegeekster


Top
 Profile  
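
Added example, not part of any post in this thread: the 'su root -c "$0"' re-run shown above, with the command string quoted so that a script path containing spaces survives the second parse by root's shell, and with the original arguments forwarded (a bare "$0" drops them, so ${@} in the confirmation prompt would always be empty). The function names sh_quote, build_root_command and require_root are hypothetical, and id -u is used in place of $UID so the code also runs under plain sh.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Wrap one word in single quotes, escaping embedded single quotes, so the
# shell that `su -c` starts reads it back as exactly one literal argument.
sh_quote() {
    # The trailing "x" protects newlines at the end of the word from being
    # stripped by the command substitution; it is removed again below.
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# Build the string for `su root -c`: the script path made absolute, followed
# by every original argument, each quoted on its own.
build_root_command() {
    script=$1
    shift
    case $script in
        /*) ;;                          # already absolute
        *)  script=$(pwd)/$script ;;    # relative: anchor to the caller's directory
    esac
    cmd=$(sh_quote "$script")
    for arg in "$@"; do
        cmd="$cmd $(sh_quote "$arg")"
    done
    printf '%s' "$cmd"
}

# Call as the first line of a script:  require_root "$@"
# As root it returns at once; otherwise it prompts for root's password and
# replaces this process with the root re-run, so the rest of the script runs
# only in the root copy.
require_root() {
    [ "$(id -u)" -eq 0 ] && return 0
    printf 'Root '
    exec su root -c "$(build_root_command "$0" "$@")"
}

# Constructed sample input: a path with a space, arguments with a quote and a
# semicolon. Prints the command string that would be handed to su.
build_root_command "/home/bob/my bin/spinner" "it's" "a; id"
echo
```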
 PostPosted: Fri Oct 27, 2006 5:37 pm   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
Just to throw in a few cents here...

The only reason I wanted to do this is it is related to the script I posted a few weeks ago (Simple financial records script)
The input and output of that script is sensitive and secret and I was just looking for a way to execute it only as root. I'm not looking
to get in the habit of doing this, it was basically just for that particular script. Nevertheless, I learned something!!! And that is cool! :P
This forum is really helpful and I really enjoy it. Thanks to crouse, jbsnake and all others that post in here!!

Cheers and Beers!!!


Top
 Profile  
 PostPosted: Fri Oct 27, 2006 6:59 pm   

Joined: Wed Sep 06, 2006 12:19 pm
Posts: 54
Location: Covington, WA
FWIW, if the input and output is sensitive, then you don't want anything going to a terminal or console.......You would have to have the script read the input from a file that's readable only by root, and the same for the output - put it in a file readable only by root.......

That would be a minimal security measure..........for more security, look into file and directory encryption........

:-)


Top
 Profile  
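
Added example, not part of any post in this thread: one way to apply the advice above about keeping input and output in files only their owner can read. The file name balance, the sample value and the function names are hypothetical; when the script runs as root, "owner" means root.

```shell
#!/bin/sh
# Added example (not from the thread). Names and sample data are hypothetical.

# Permission bits of a path as ls prints them, without the type character,
# e.g. rw-------
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Numeric owner of a path.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# True only for a regular file (not a symlink) owned by the current user
# with no group or other permission bits set.
is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(owner_uid "$1")" = "$(id -u)" ] || return 1
    case $(perm_string "$1") in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# Write stdin to a file that is never readable by anyone else, even briefly:
# the data goes into a fresh owner-only temp file, which then replaces the
# target, so an existing file with a looser mode does not keep that mode.
write_private() {
    dest=$1
    tmp=$(umask 077 && mktemp "$dest.XXXXXX") || return 1
    cat > "$tmp" && mv -f -- "$tmp" "$dest" || { rm -f -- "$tmp"; return 1; }
}

# Refuse to read input whose mode or owner has been loosened.
read_private() {
    if ! is_private "$1"; then
        echo "refusing to read $1: not a regular file private to its owner" >&2
        return 1
    fi
    cat -- "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '1234.56\n' | write_private "$dir/balance"   # constructed sample value
    read_private "$dir/balance"
    chmod 644 "$dir/balance"                            # simulate a loosened mode
    read_private "$dir/balance" || echo "blocked"
    rm -rf -- "$dir"
}
demo
```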
 PostPosted: Sat Oct 28, 2006 7:49 am   

Joined: Mon Jul 03, 2006 8:58 pm
Posts: 52
Location: Rochester, NY
How does the input/output being sensitive have anything to do with root? Assuming you're running a secure OS like Linux (a big stretch, I know) why is anyone besides yourself using your account? Do you not have a secure password on your account or do you leave yourself logged in all the time in a place where others can access your computer while you're not around?

<soap_box>Hiding your sensitive information in the root account is tantamount to "security through obscurity" and we all know how well that works in practice with Microsoft and other businesses. Better would be to: 1) make sure each user has their own account with no access to other users' accounts, 2) place all your sensitive data in your home directory where others can't get to it, 3) give yourself a secure password, 4) when you're not at your machine lock the screen/logout so others can't just waltz into your account and start poking around, 5) encrypt the files you really want secured if you think someone may still get into your account (because they have sudo access, know the root password, or know your password).

I'm assuming you're the only one who knows the root password on your machine, or at least you're one of a trusted few and you're not trying to hide this data from those trusted few. That being the case, there's no point in locating the files somewhere root can get to them but you can't because even fewer people should be accessing files created by your user. If you can't trust the trusted few, then you're only left with encryption.</soap_box>

In summary, given your reasons for needing the "change to root" script - besides just learning more about bash scripting - you should probably not need this functionality at all.


Top
 Profile WWW  
 PostPosted: Sat Oct 28, 2006 11:04 am   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
BrionS,

I'm just trying to learn something new.


Top
 Profile  
 PostPosted: Sat Oct 28, 2006 11:10 am   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
thegeekster wrote:
Quote:
FWIW, if the input and output is sensitive, then you don't want anything going to a terminal or console.......You would have to have the script read the input from a file that's readable only by root, and the same for the output - put it in a file readable only by root.......

That would be a minimal security measure..........for more security, look into file and directory encryption........

:-)



The script that I wrote for my financial stuff reads and writes from two other files (One stores yesterday's balance and the other stores every
daily update to the balance ) and both of those files are only accessible by root 'rwx------'. So, in response to the geekster, what you suggested is exactly what I've done. And like my above reply to BrionS, I'm just here to learn and have fun. There may be a time in the future when I write something that I only want root to be able to run...and now because of this thread, I have a good grip on how to do it.

Thanks guys! 8)


Top
 Profile  
 PostPosted: Sat Oct 28, 2006 11:22 pm   

Joined: Mon Jul 03, 2006 8:58 pm
Posts: 52
Location: Rochester, NY
I'm not trying to discourage learning, just trying to make sure while you're learning how to do things, that you also learn when it's appropriate to use what you've learned and when it's possibly overkill or a false sense of security.

Just trying to point out some things you may not have thought of. Please don't take it as discouragement or scolding (or even telling you how you should do things).

Cheers!


Top
 Profile WWW  
 PostPosted: Sun Oct 29, 2006 6:00 pm   

Joined: Tue Oct 10, 2006 5:44 pm
Posts: 21
Location: Brighton, Michigan
BrionS,

Thanks for your reply. I have to admit, when I learn something new, I beat it to death so I learn it. And there is a risk of using something
at an inappropriate time. I have so much to learn concerning computers, but, there is no rush.

Thanks again.


Top
 Profile  