在使用sudo运行的脚本中停止root
[英]Stop being root in the middle of a script that was run with sudo
问题描述
There is a list of commands that only succeed when they are prefaced with sudo . 
有一个命令列表只有在以sudo开头时才会成功。
There is another list of commands that only succeed when the user runs them without sudo . 还有另一个命令列表,只有当用户在没有sudo情况下运行它们时才会成功。
I want to execute all of these commands from the same script. 我想从同一个脚本执行所有这些命令。
I'd like to avoid having to do the following: 我想避免做以下事情:
#!/usr/bin/env bash
sudo sudo_command_one;
sudo sudo_command_two;
sudo sudo_command_three;
non_sudo_command;
sudo sudo_command_four;
The reason for this, is because sudo has a time-out, and these commands will likely take a long time. 原因是因为sudo有超时,这些命令可能需要很长时间。 I don't want to be burdened with having to re-type the sudo password occasionally. 我不想承受偶尔重新输入sudo密码的负担。 I could perhaps extend the time-out of sudo indefinitely, but that is also something I would prefer to avoid if there is an easier way. 我可以无限期地延长sudo的超时时间,但如果有更简单的方法,这也是我宁愿避免的。
Therefore, I'm going to run the script like this: 因此,我将像这样运行脚本:
sudo ./script
But this will prevent the non-sudo commands from working. 但这会阻止非sudo命令工作。
What are the missing commands I need: 我需要什么缺少的命令:
#!/usr/bin/env bash
sudo_command_one;
sudo_command_two;
sudo_command_three;
[turn sudo off for a moment]
non_sudo_command;
[ok, turn sudo back on]
sudo_command_four;
Unfortunately, the order of the commands cannot be rearranged so that I run all the sudo commands first, followed by all the non-sudo commands(or vice versa). 不幸的是,命令的顺序不能重新排列,所以我首先运行所有sudo命令,然后是所有非sudo命令(反之亦然)。
2 个解决方案
解决方案1
7 已采纳 2015-01-09 04:38:00
In a script run by sudo, use: 在sudo运行的脚本中,使用:
su -c "shell command; shell command" $SUDO_USER
within that script to execute commands as the normal user who invoked sudo. 在该脚本中,以调用sudo的普通用户身份执行命令。
This works because sudo sets the environment variable SUDO_USER to the original username. 这是有效的,因为sudo将环境变量SUDO_USER设置为原始用户名。
If you have a bunch of commands to run as the original user, you could use a hereis document. 如果您有一堆命令以原始用户身份运行,则可以使用hereis文档。
Here is an example script file as proof of concept: 这是一个示例脚本文件作为概念证明:
myscript.sh myscript.sh
#!/bin/bash
echo "Part 1"
echo "now running as:"
whoami
echo "SUDO_USER is:"
echo $SUDO_USER
su $SUDO_USER <<EOF
echo "Part 2"
echo "now running as:"
whoami
echo "SUDO_USER is:"
env | grep ^SUDO_USER
sleep 5
EOF
echo "Part 3"
echo "now running as:"
whoami
echo "SUDO_USER is:"
echo $SUDO_USER
And here's the output on sudo ./myscript.sh 这是sudo ./myscript.sh上的输出
Part 1
now running as:
root
SUDO_USER is:
paul
Part 2
now running as:
paul
SUDO_USER is:
SUDO_USER=paul
Part 3
now running as:
root
SUDO_USER is:
paul
Warning: This technique doesn't work so well with nested sudo. 警告:对于嵌套的sudo,此技术不能很好地工作。 If sudo is nested twice, eg 如果sudo嵌套两次,例如
sudo su
echo $SUDO_USER
---> me
sudo su
echo $SUDO_USER
---> root
SUDO_USER will return root, not the original username. SUDO_USER将返回root,而不是原始用户名。 su $SUDO_USER would then keep running as root. su $ SUDO_USER将继续以root身份运行。 Be careful to avoid that scenario, and it should work ok. 小心避免这种情况,它应该工作正常。
解决方案2
1 2015-01-09 05:12:26
Here is how I would run it in a script. 这是我如何在脚本中运行它。
#! /bin/bash
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root";
exit 1;
else
NON_ROOT_USER=$(who am i | awk '{print $1}');
echo "root ran this echo.";
sudo -u $NON_ROOT_USER echo "$NON_ROOT_USER ran this echo.";
fi
sudo ./script.sh sudo ./script.sh
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.