Run Script with Arguments as User Using Sudo or SU

susudousers

I am trying to make sure when a script is run it is run as a specific user without having to su to that user before the script is run. Also the script is run with a couple of flags for example

./myscript.sh -e dev -v 1.9

I have tried the following

[ `whoami` = myuser ] || exec sudo -S su - myuser -c "bash `pwd`/`basename $0` $@"

But the -v flag which is supposed to be an input to my script is being fed as input to su. So it complains of an invalid option, is there a way to correct the above?

NB: The person running the script has sudo privileges.

Best Answer

The current user is already in the variable $USER. So all you need is:

[ "$USER" = "myuser" ] || sudo -u myuser $0 "$@"

There is no need for sudo su, sudo can do everything you require. You also don't need pwd or basename, the $0 variable already has the full path to the script.

Your original command was starting a login shell (su -). If that's really needed (which seems strange), you can do:

[ "$USER" = "myuser" ] || sudo -iu myuser $0 "$@"

Related Solutions

Bash – Prompt for Sudo Password and Programmatically Elevate Privilege in Bash Script

I run sudo directly from the script:

if [ $EUID != 0 ]; then
    sudo "$0" "$@"
    exit $?
fi

Linux – How to transition into another domain when invoking sudo

You can specify a transition in a custom policy file (.te) like this:

module collectdlocalexec 1.0;

require {
        type collectd_t;
        type user_home_t;
        type unconfined_t;
        type shell_exec_t;
        class capability {setgid setuid };
        class file { execute read open };
        class process transition;
}

allow collectd_t self:capability { setgid setuid };
allow collectd_t user_home_t:file { execute read open };
allow collectd_t shell_exec_t:file execute;
allow collectd_t unconfined_t:process transition;

type_transition collectd_t user_home_t:process unconfined_t;

Assuming that the collection script is located under a user's home directory (and that is labeled with user_home_t).

Best Answer

Related Solutions

Bash – Prompt for Sudo Password and Programmatically Elevate Privilege in Bash Script

Linux – How to transition into another domain when invoking sudo

Related Question