Ubuntu – Where should I put the bash scripts

bashscriptssudo

I have a few very simple bash scripts that I cobbled together for things that I do regularly. One of them is to run duplicity to do my backup tasks. Nothing clever just a bunch of if .. then statements really. As this needs to be run as sudo would it be best practice to put my script in /usr/bin ( or other location in PATH ) , chown to root.root and chmod to 700 ?

Best Answer

I save my own scripts in /opt/scripts.

If your script should executeable by every system user, you can create a symbolic link to /usr/bin.

If only root should execute the script, you can create a symbolic link to /usr/sbin.

Command to add a symbolic link in /usr/bin/:

ln -s /opt/scripts/<script> /usr/bin/

You can execute the script, because /usr/bin/ is in your PATH by default.

Related Solutions

Ubuntu – Possible to obfuscate Bash scripts

Code obfuscation is just a layer of false sense of security. You could learn and write the code in a c or c++ language that is compiled. Plus, if you can deobfuscate it, then probably someone else will.

Nevertheless, some obfuscation scripts are mentioned here:

http://www.linuxquestions.org/questions/linux-general-1/can-i-encrypt-a-shell-script-828096/
http://www.datsi.fi.upm.es/~frosal/ (shc used to exist in debian/ubuntu repositories but has been removed since it's easy to decrypt and exploitable)

On the other hand, you could set up the script permissions so that it cannot be read by other users except for the root (or setup the sudoers file and configure it with sudo).

Ubuntu – Should I execute bash scripts from python with `bash` or `./`

First, regarding the dot in ./script.sh, this indicates that script.sh can be found in the working directory, it means something like "look for script.sh here, in this directory". This is known as dot slash, and it is well explained here.

I see three options:

If you intend to restrict the file to only run if it is in the user's current working directory when he runs your Python script, then use the dot slash. However, this doesn't seem like the best idea: it will lead to exceptions most of the time.
If you intend to restrict your shell script to run only if it is in the same directory as your Python script, then you would need to find out your Python script's directory and prefix it to the name of your script.
If you intend to place your shell script elsewhere in your PATH, don't use the dot slash.

Now, sending "bash" as an argument to the Popen constructor seems more like a matter of preference. If you don't want to send it as an argument, then you will need to add a shebang to the shell script, e.g. #!/bin/bash, and you will need to add execute permissions to it. These are perfectly acceptable things to do.

One benefit of doing it this way is if later one changes the shell interpreter, it won't be necessary to modify every single call to that script in who knows how many Python scripts.

And one can just call the script like:

cmd = subprocess.call('script.sh')
# or
cmd = subprocess.call(sdir + 'script.sh')
# Where sdir stands for the script's directory,
# which you would need to find before, as in option #2.

Notes:

Even if your script runs without a shebang normally (in which case it almost certainly gets executed by dash and not by bash on Debian based distros), when calling it from python like this, it will fail and raise an OSError exception with errno 8 (errno.ENOEXEC).

If it's really necessary, use Popen.

Best Answer

Related Solutions

Ubuntu – Possible to obfuscate Bash scripts

Ubuntu – Should I execute bash scripts from python with `bash` or `./`

Related Question