编写执行需要 root 权限的操作的 bash 脚本
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5207974/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Writing a bash script that performs operations that require root permissions
提问by Varun Madiath
I'm trying to write a bash script that sets up my web development environment in ubuntu. As part of the process of setting up the script, it needs to edit files that are owned by root. It also needs to create fields in the public_html directory of the user that runs the script.
我正在尝试编写一个 bash 脚本,用于在 ubuntu 中设置我的 Web 开发环境。作为设置脚本过程的一部分,它需要编辑 root 拥有的文件。它还需要在运行脚本的用户的 public_html 目录中创建字段。
Should I therefore require that the script be run as the superuser? If it should, then how do I get it to access the current user's username? I would normally use the $USER variable, but I can't do that if the script is being run as the superuser. If I'm not the superuser, how can I get the script to request super user privileges for certain operations, while not requiring the user to type in a password for every operation that requires super user privileges.
因此,我是否应该要求以超级用户身份运行脚本?如果应该,那么我如何让它访问当前用户的用户名?我通常会使用 $USER 变量,但如果脚本以超级用户身份运行,我就不能这样做。如果我不是超级用户,如何让脚本为某些操作请求超级用户权限,同时又不要求用户为每个需要超级用户权限的操作输入密码。
Thanks
谢谢
回答by K. Norbert
You can use the -E flag for sudo to preserve the environment variables, or, you can set up sudoers to preserve the environment on a per-command basis.
您可以使用 sudo 的 -E 标志来保留环境变量,或者,您可以设置 sudoer 以在每个命令的基础上保留环境。
You can also set up the sudoers file to not ask for a password on a per-command basis, for example, to allow user xy to use smbmount without asking for a password:
您还可以将 sudoers 文件设置为在每个命令的基础上不要求输入密码,例如,允许用户 xy 使用 smbmount 而不要求输入密码:
xy ALL=NOPASSWD: /usr/bin/smbmount
In your case, it would be enough to just store the current user in a variable before invoking sudo, and use the already saved username:
在您的情况下,在调用 sudo 之前将当前用户存储在变量中就足够了,并使用已经保存的用户名:
CURRENT_USER=$USER
sudo yourscript.sh $CURRENT_USER
Then read the username from $1.
You can also use the SUDO_USERenv variable, which is set to the user who is invoking sudo.
然后从 $1 中读取用户名。您还可以使用SUDO_USERenv 变量,该变量设置为调用 sudo 的用户。
回答by Plap
Insert a check at the top of the script:
在脚本顶部插入一个检查:
# Make sure only root can run this script
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
In this way when you run it without the root privileges you will be prompted, then you can simply rerun it the right way with:
这样,当您在没有 root 权限的情况下运行它时,系统会提示您,然后您可以简单地以正确的方式重新运行它:
sudo yourscript.sh
More infos at http://www.cyberciti.biz/tips/shell-root-user-check-script.html
更多信息请访问http://www.cyberciti.biz/tips/shell-root-user-check-script.html
回答by Vamana
There's a command named sudofor this purpose. It lets you specify that certain users can run certain commands as root (or another user).
有一个sudo为此目的命名的命令。它允许您指定某些用户可以以 root(或其他用户)身份运行某些命令。
回答by Erik
If your users have root access anyway, you could just write a script that must be run as root and takes an username as parameter, instead of picking up the username.
如果您的用户无论如何都具有 root 访问权限,您可以编写一个必须以 root 身份运行并以用户名作为参数的脚本,而不是获取用户名。
Alternatively, one way of picking up the login username in an interactive shell is:
或者,在交互式 shell 中获取登录用户名的一种方法是:
stat -Lc %U /proc/self/fd/0
This retrieves the ovner of the tty associated with stdin.
这将检索与 stdin 关联的 tty 的 ovner。
回答by atx
Just make it a setuid file. Or use sudo which is probably safer, since you can limit who gets to run it.
只需将其设为 setuid 文件即可。或者使用 sudo 这可能更安全,因为您可以限制谁可以运行它。
chmod 4755 script.sh
回答by pepoluan
In Ubuntu, there's the SUDO_USERenvironment variable.
在 Ubuntu 中,有SUDO_USER环境变量。
So, you can just run your script sudo somescript.shand have it pull the invoking user's username $SUDO_USER.
因此,您只需运行您的脚本sudo somescript.sh并让它提取调用用户的 username $SUDO_USER。
Not sure on other dists, though.
不过,在其他 dist 上不确定。
