Shell – How to reuse sudo for a series of commands in a bash script

shell-script sudo

I have a script that opens several terminal windows running iftop for observing various ports' activity.

Each terminal that opens asks me for the sudo password … which is a bit of a pain considering that there are 5 terminals overall.

So my question is, how do I type in sudo password once and have all the windows run using that permission rather than typing it in per window?

#!/bin/bash

TITLE="${USER}@${HOSTNAME}"' iftop (h=help, L=lin/log scales, t=line display mode, T=line totals, p=port display)'
gnome-terminal --title "$TITLE" -e 'sh -c "sudo iftop -P -f \"port 22\""' --hide-menubar --zoom=0.85

TITLE="${USER}@${HOSTNAME}"' iftop (h=help, L=lin/log scales, t=line display mode, T=line totals, p=port display)'
gnome-terminal --title "$TITLE" -e 'sh -c "sudo iftop -P -f \"port 33 or port 44\""' --hide-menubar --zoom=0.85

TITLE="${USER}@${HOSTNAME}"' iftop (h=help, L=lin/log scales, t=line display mode, T=line totals, p=port display)'
gnome-terminal --title "$TITLE" -e 'sh -c "sudo iftop -P -f \"(port 55) or (port 66)\""' --hide-menubar --zoom=0.85 

I did try running the entire script as sudo and that results in all the terminals being opened also being a sudo terminal. What I need is a regular terminal running the sudo iftop instead.

Best Answer

Is timestamp_type in /etc/sudoers or /etc/sudoers.d/* set to tty or ppid? tty is the default according to sudo's man page:

timestamp_type - sudoers uses per-user time stamp files for credential caching. The timestamp_type option can be used to specify the type of time stamp record used. It has the following possible values:

global - A single time stamp record is used for all of a user's login sessions, regardless of the terminal or parent process ID. An additional record is used to serialize password prompts when sudo is used multiple times in a pipeline, but this does not affect authentication.

ppid - A single time stamp record is used for all processes with the same parent process ID (usually the shell). Commands run from the same shell (or other common parent process) will not require a password for timestamp_timeout minutes (15 by default). Commands run via sudo with a different parent process ID, for example from a shell script, will be authenticated separately.

tty - One time stamp record is used for each terminal, which means that a user's login sessions are authenticated separately. If no terminal is present, the behavior is the same as ppid. Commands run from the same terminal will not require a password for timestamp_timeout minutes (15 by default).

The default value is tty.

This setting is only supported by version 1.8.21 or higher.

If it is set to tty or ppid, then that explains why you're being asked for a password every time. Each sudo command you're running is being executed in a separate gnome-terminal, and thus a separate tty AND a different parent PID.

Looks like global is the only setting that will allow what you want.


If that doesn't help, what's your timestamp_timeout setting? Is it set to 0? The default should be 15 minutes.

Also check the other timestamp* settings (timestampdir, timestampowner). They could cause this problem if timestampdir (the default on my Debian sid system is /run/sudo/ts) doesn't exist or is not rwX by timestampowner (default root).

sudo will log a descriptive error message via syslog and email the administrator (root) if these settings result in an error.


One other option is to edit /etc/sudoers so that your user can run iftop without needing to enter your password. e.g.

yourusernamehere ALL= NOPASSWD: /usr/sbin/iftop

See How to run a specific program as root without a password prompt? for more details on this.
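The check the answer walks through (which timestamp_type and timestamp_timeout are in effect), as an added example that is not part of the original answer. The function names sudoers_setting and prompts_once and the sample file names are hypothetical, and the sample sudoers lines are constructed for illustration.

```shell
#!/bin/sh
# sudoers_setting NAME DEFAULT FILE...
# Print the last value given to NAME on unscoped "Defaults" lines, or DEFAULT.
# Simplifications (assumed): Defaults:user / Defaults@host forms and line
# continuations are ignored; FILEs are listed in the order sudo reads them.
sudoers_setting() {
    name=$1 default=$2
    shift 2
    awk -v name="$name" -v def="$default" '
        /^[ \t]*#/ { next }                     # comment or #include line
        /^[ \t]*Defaults[ \t]/ {
            sub(/^[ \t]*Defaults[ \t]+/, "")
            n = split($0, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (split(opts[i], kv, /[ \t]*=[ \t]*/) == 2 && kv[1] == name)
                    val = kv[2]                 # a later assignment wins
        }
        END { gsub(/[ \t"]/, "", val); print (val == "" ? def : val) }
    ' "$@"
}

# prompts_once FILE...
# Succeed if one password entry is cached for every terminal window:
# timestamp_type must be global and caching must not be disabled (timeout 0).
prompts_once() {
    [ "$(sudoers_setting timestamp_type tty "$@")" = global ] &&
    [ "$(sudoers_setting timestamp_timeout 15 "$@")" != 0 ]
}

# Constructed sample files standing in for /etc/sudoers and a sudoers.d drop-in.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
printf '%s\n' 'Defaults env_reset, timestamp_timeout=15' \
              '# Defaults timestamp_type=ppid' > "$SAMPLE/sudoers"
printf '%s\n' 'Defaults timestamp_type=global' > "$SAMPLE/10-shared-ts"

if prompts_once "$SAMPLE/sudoers"; then
    echo "base file only: one prompt covers all terminals"
else
    echo "base file only: each terminal prompts separately"
fi
if prompts_once "$SAMPLE/sudoers" "$SAMPLE/10-shared-ts"; then
    echo "with drop-in: one prompt covers all terminals"
else
    echo "with drop-in: each terminal prompts separately"
fi
```

With timestamp_type set to global, the cached credential applies to every session of that user regardless of terminal or parent process ID, so timestamp_timeout bounds how long any of that user's processes can run sudo without a prompt.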
