Shell – sudo script – best practice

shell-scriptsudo

I have a script in which some of the commands need to be run as sudo.
I have seen it asserted that running sudo inside scripts is a bad idea, and that is is better to run the whole script as sudo (and then possibly modify sudoers for convenience, as described here).

I have thought about it, and can't actually see any reason not to run sudo commands inside scripts. Assuming the script and its directory are both owned by root, and therefore unadulterated, I can't see any difference, from a security point of view. (And even if it were, running the whole script as sudo would be no less dangerous). Am I missing something here?

Best Answer

Running sudo is a bad idea because you don't know what will happen and if it's really necessary:

Will a password prompt be shown? If so, who is going to type a password? Remember: your script may be run in a shell by a human, but could also be run in background, at startup, by cron or in other situations where a terminal is not available.
Will the user type her password if she sees the prompt? Personally, I would immediately stop scripts asking me for a password. Also, I may not even notice the prompt if your script produces a lot of output.
Is sudo available and configured? Can the current user run sudo? The answer to one of these question may be 'no', in which case you should let the user choose how to give your script the necessary privileges.
Are you sure you need to be superuser? Maybe I configured my system so that your script does not need root privileges at all, in which case sudo is totally unnecessary and can be very disturbing.

Please let me decide what privileges you need and how to give them to you.

Running sudo may be a good idea if you're root and you want to drop your privileges. For example, you may open a file that is owned by root and then immediately switch to nobody:nogroup for security reasons. Still, the problem that sudo may not be available or may not be configured remains.

Related Solutions

Cron Sudo – Why Cron Fails to Run Sudo Commands in Scripts

Sudo has some special options in it's permissions file, one of which allows a restriction on it's usage to shells that are are running inside a TTY, which cron is not.

Some distros including the Amazon Linux AMI have this enabled by default. The /etc/sudoers file will look something like this:

# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
Defaults    requiretty

#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults   !visiblepw

If you had captured output to STDERR at the level of the shell script rather than the sudo command itself, you would have seem a message something like this:

sorry, you must have a tty to run sudo

The solution is to allow sudo to execute in non TTY environments either by removing or commenting out these options:

#Defaults    requiretty
#Defaults   !visiblepw

Shell script: use sudo inside it vs run it with sudo

To address your first issue:

how can I write "script would detect if it was running with the right permissions and not call sudo at all"?

There is a simple and POSIX check for root:

#!/bin/sh
is_user_root ()
{
    [ "$(id -u)" -eq 0 ]
}

Alternatively, in Bash, more performance-driven coders might want to use:

#!/bin/bash
is_user_root ()
{
    [ ${EUID:-$(id -u)} -eq 0 ]
}

Note that I intentionally wrapped the code in functions for re-use.

To address your second issue:

how can I improve its security to avoid the problem of giving superuser privileges to commands which don't need them when running the script with sudo?

You can't do much about this. At least nothing comes to my mind. If I saw the script, I might have suggestions. But since you did not include it in your question... If you run the whole script with sudo or as root, I see no way to control this.

To address the comment:

What do you think of "use sudo inside it vs run it with sudo"

In my scripts, I usually proceed with the latter approach, but that does not necessarily mean I recommend it to you. Because it depends on who the script is meant for - for root only; for user mostly with the exception of having some users having sudo rights; you would have to literally include your script into the question for me to be able to answer with any value.

Best Answer

Related Solutions

Cron Sudo – Why Cron Fails to Run Sudo Commands in Scripts

Shell script: use sudo inside it vs run it with sudo

Related Question