在shell脚本中以root身份运行命令

Question

I'm working on a script that will shred a usb drive and install Kali linux with encrypted persistent data.

#! /bin/bash

cd ~/Documents/Other/ISOs/Kali
echo "/dev/sdx x=?"
read x
echo "how many passes to wipe? 1 will be sufficient."
read n
echo "sd$x will be wiped $n times."
read -p "do you want to continue? [y/N] " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
        exit 1
fi

echo "Your role in the installation process is not over. You will be prompted to type YES and a passphrase."

sudo shred -vz --iterations=$n /dev/sd$x

echo "Wiped. Installing Kali"
sudo dd if=kali-linux-2.0-amd64.iso of=/dev/sd$x bs=512k

echo "Installed. Making persistence."

y=3

sudo parted /dev/sd$x mkpart primary 3.5GiB 100%
x=$x$y
sudo cryptsetup --verbose --verify-passphrase luksFormat /dev/sd$x
sudo cryptsetup luksOpen /dev/sd$x my_usb
sudo mkfs.ext3 -L persistence /dev/mapper/my_usb
sudo e2label /dev/mapper/my_usb persistence

sudo mkdir -p /mnt/my_usb
sudo mount /dev/mapper/my_usb /mnt/my_usb
sudo -i
echo "/ union" > /mnt/my_usb/persistence.conf
umount /dev/mapper/my_usb

cryptsetup luksClose /dev/mapper/my_usb

echo "Persistence complete. Installation complete."

It works nearly perfectly. These commands individually entered into the terminal will create the desired effect, but the problem comes in at line 37:

sudo echo "/ union" > /mnt/my_usb/persistence.conf

That command won't work unless I'm logged in as root user. To solve this I tried adding the sudo -i command before, but once I do that all of the following commands are skipped.

It's okay if the solution suggested requires me to type in the password. I don't want the password stored in the script, that's just wreckless.

Side note, I didn't make a generic form for this question because I want other people to be able use this if they like it.

Answer 1

The problem is that the echo runs with root privilege but the redirection happens in the original shell as the non-root user. Instead, try running an explicit sh under sudo and do the redirection in there

sudo /bin/sh -c 'echo "/ union" > /mnt/my_usb/persistence.conf'

Answer 2

The problem is that when you type in the following command:

sudo echo "/ union" > /mnt/my_usb/persistence.conf

Only the "echo" will be run as root through sudo, but the redirection to the file using > will still be executed as the "normal" user, because it is not a command but something performed directly by the shell.

My usual solution is to use tee so that it runs as a command and not as a shell built-in operation, like this:

echo "/ union" | sudo tee /mnt/my_usb/persistence.conf >/dev/null

Now the tee command will be run as root through sudo and will be allowed to write to the file. >/dev/null is just added to keep the output of the script clean. If you ever want to append instead of overwrite (eg you would be using >> normally), then use tee -a .