Bash – Allow Script to Run as Root Without Sudo

bashrootshell-scriptsudo

I'm new here and new to bash/linux.

My teacher gave me an assignment to allow a script to be run only when you're "really" root and not when you're using sudo. After two hours of searching and trying I'm beginning to think he's trolling me. Allowing only root is easy, but how do I exclude users that run it with sudo?

This is what I have:

if [[ $EUID -ne 0 ]]; then
  echo "You must be root to run this script."
  exit
fi

Best Answer

The only way I could think of is to check one of the SUDO_* environment variables set by sudo:

#!/usr/bin/env sh

if [ "$(id -u)" -eq 0 ]
then
    if [ -n "$SUDO_USER" ]
    then
        printf "This script has to run as root (not sudo)\n" >&2
        exit 1
    fi
    printf "OK, script run as root (not sudo)\n"
else
    printf "This script has to run as root\n" >&2
    exit 1
fi

Notice that of course this solution is not future proof as you cannot stop anyone from setting a variable before running the script:

$ su
Password:
# SUDO_USER=whatever ./root.sh
This script has to run as root (not sudo)
# ./root.sh
OK, script run as root (not sudo)

Related Solutions

Debian – QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to ‘/tmp/runtime-root’ when running sudo commands

The XDG_RUNTIME_DIR is one of the standard directories, defined by the XDG Base Directory Specification (freedesktop.org)

$XDG_RUNTIME_DIR defines the base directory relative to which user-specific non-essential runtime files and other file objects (such as sockets, named pipes, ...) should be stored. The directory MUST be owned by the user, and he MUST be the only one having read and write access to it. Its Unix access mode MUST be 0700.

Basically, that's a per-user temporary file directory, to use by the XDG (Freedesktop.Org) compatible apps.

In Debian, this variable is normally set by the pam_systemd PAM module, on an interactive login.

$XDG_RUNTIME_DIR

Path to a user-private user-writable directory that is bound to the user login time on the machine. It is automatically created the first time a user logs in and removed on the user's final logout. If a user logs in once, then logs out again, and logs in again, the directory contents will have been lost in between, but applications should not rely on this behavior and must be able to deal with stale files. ...

$XDG_RUNTIME_DIR is not set if the current user is not the original user of the session.

but it is not applied when you launch an application with sudo, which is why your application (dolphin) can not see it.

It will then correctly detect this:

 QString xdgRuntimeDir = QFile::decodeName(qgetenv("XDG_RUNTIME_DIR"));
 if (xdgRuntimeDir.isEmpty()) {
     const QString userName = QFileSystemEngine::resolveUserName(myUid);
     xdgRuntimeDir = QDir::tempPath() + QLatin1String("/runtime-") + userName;
        //...
     qWarning("QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '%s'", qPrintable(xdgRuntimeDir));
 }

choose a reasonable default value, and issue a Warning (not an Error) regarding it.

Note that reusing an existing XDG_RUNTIME_DIR would not be correct to do, as it is a per-user temporary directory and having an app, running as a different user, access it, would most probably result in a broken file permissions and could ruin your existing session.

So that is not something you should try to "fix".

Also note, that you should normally use gksudo or kdesudo, to run graphical apps, for the reasons explained here.

Best Answer

Related Solutions

Debian – QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to ‘/tmp/runtime-root’ when running sudo commands

Related Question